Please turn on your JavaScript for this page to function normally.
software
Unlocking sustainable security practices with secure coding education

Despite stringent regulations and calls for ‘security by design’, organizations are still failing to equip teams with the knowledge to secure code, according to Security …

vulnerability
The effect of omission bias on vulnerability management

Whether we’d like to admit it to ourselves or not, all humans harbor subconscious biases that powerfully influence our behavior. One of these is the omission bias, which has …

patch tuesday
November 2023 Patch Tuesday forecast: Year 21 begins

The October forecast for large numbers of CVEs addressed in Windows 10 and 11 and the recent record on the number fixed in Windows Server 2012 was spot on! Microsoft addressed …

Kubernetes
Organizations lack the skills and headcount to manage Kubernetes

The Kubernetes industry is undergoing rapid change and evolution due to the growth of edge computing, the acceleration of AI, and the pressing need to modernize Kubernetes …

patch
Why legacy system patching can’t wait

The persistent neglect of patching legacy systems is plaguing critical infrastructure and industries. The consequences of such neglect can be damaging to organizations, …

Curl
Curl project squashes high-severity bug in omnipresent libcurl library (CVE-2023-38545)

Curl v8.4.0 is out, and fixes – among other things – a high-severity SOCKS5 heap buffer overflow vulnerability (CVE-2023-38545). Appropriate patches for some older …

Curl
Be prepared to patch high-severity vulnerability in curl and libcurl

UPDATE (October 11, 2023, 07:15 a.m. ET): Curl v8.4.0 is out and fixes both CVE-2023-38545, a SOCKS5 heap buffer overflow vulnerability and CVE-2023-38546, a cookie injection …

danger
Google “confirms” that exploited Chrome zero-day is actually in libwebp (CVE-2023-5129)

UPDATE (September 28, 2023, 03:15 a.m. ET): The CVE-2023-5129 ID has been either rejected or withdrawn by the CVE Numbering Authority (Google), since it’s a duplicate of …

BYOD
Baseline standards for BYOD access requirements

49% of enterprises across Europe currently have no formal Bring-Your-Own-Device (BYOD) policy in place, meaning they have no visibility into or control over if and how …

vulnerabilities
Old vulnerabilities are still a big problem

A recently flagged phishing campaign aimed at delivering the Agent Tesla RAT to unsuspecting users takes advantage of old vulnerabilities in Microsoft Office that allow remote …

Android
Android n-day bugs pose zero-day threat

In the Android ecosystem, n-day vulnerabilities are almost as dangerous as zero-days, according to Google’s review of zero-days exploited in the wild in 2022. N-days …

patch
A step-by-step guide for patching software vulnerabilities

Coalition’s recent Cyber Threat Index 2023 predicts the average Common Vulnerabilities and Exposures (CVEs) rate will rise by 13% over 2022 to more than 1,900 per month in …

Don't miss

Cybersecurity news