Security News > 2024

Continuous integration and continuous delivery (CI/CD) misconfigurations discovered in the open-source TensorFlow machine learning framework could have been exploited to orchestrate supply chain...

After 175 million failed password guesses, a judge rules that the Canadian police must return a suspect's phone. Judge] Carter said the investigation can continue without the phones, and he noted that Ottawa police have made a formal request to obtain more data from Google.

In today's digital landscape, traditional password-only authentication systems have proven to be vulnerable to a wide range of cyberattacks. To safeguard critical business resources, organizations...

A new campaign targeting vulnerable Docker services deploys an XMRig miner and the 9hits viewer app on compromised hosts, allowing a dual monetization strategy. 9hits is a web traffic exchange platform where members can drive traffic to each others' sites.

Security researchers have pinned a DDoS botnet that's infected potentially millions of smart TVs and set-top boxes to an eight-year-old cybercrime syndicate called Bigpanzi. "The potential for Bigpanzi-controlled TVs and STBs to broadcast violent, terroristic, or pornographic content, or to employ increasingly convincing AI-generated videos for political propaganda, poses a significant threat to social order and stability," said researchers at Chinese security biz Qianxin.

A critical vulnerability affecting VMware Aria Automation and VMware Cloud Foundation can be exploited by attackers to gain access to remote organizations and workflows, VMware has warned.Patches are available and VMware recommends upgrading to VMware Aria Automation 8.16.

Multiple Atlassian Jira products are experiencing an ongoing outage as of this morning. BleepingComputer can confirm that Jira services are experiencing connection issues since this morning, at least as of 3:45 AM Eastern time.

"These types of solutions offer an integrated platform approach to cloud security that allows security teams to save time and gain visibility, leading to operational efficiencies, tool consolidation, and streamlined compliance," it concludes. The report highlights how Trend Vision One delivers an integrated platform that meets the needs of both cloud and security teams, with functionality including cloud-native application protection platform capabilities, that provide comprehensive, automated and connected protection across cloud environments.

Multiple security vulnerabilities have been disclosed in the TCP/IP network protocol stack of an open-source reference implementation of the Unified Extensible Firmware Interface (UEFI)...

The future of data privacy is the end of compromise. With the world producing data at astounding rates, we need ways to put data to the best use while protecting against breaches and ensuring privacy, data protection and access control.