Security News

The FreeBSD Foundation, in partnership with the Alpha-Omega Project, has released the results of an extensive security audit of two critical FreeBSD components: the bhyve hypervisor and the...

An audit from the Department of Justice's Office of the Inspector General (OIG) identified "significant weaknesses" in FBI's inventory management and disposal of electronic storage media...

Over half of key stakeholders including audit committees, company boards, and chief financial officers are looking to internal audit teams to take on more risk-related work, according to AuditBoard. The study revealed that these expanding expectations are coming at a time when internal audit has limited bandwidth for advisory-related services - and increasing risk demand and insufficient risk management capacity are creating a risk coverage gap for the business.

SolarWinds has fixed eight critical vulnerabilities in its Access Rights Manager software, six of which allowed attackers to gain remote code execution on vulnerable devices. Access Rights Manager is a critical tool in enterprise environments that helps admins manage and audit access rights across their organization's IT infrastructure to minimize threat impact.

OWASP dep-scan is an open-source security and risk assessment tool that leverages information on vulnerabilities, advisories, and licensing restrictions for project dependencies. Depscan utilizes cdxgen to produce Software Bill-of-Materials, which allows us to support many different languages and source code configurations.

SolarWinds has patched five remote code execution flaws in its Access Rights Manager solution, including three critical severity vulnerabilities that allow unauthenticated exploitation.Access Rights Manager allows companies to manage and audit access rights across their IT infrastructure to minimize insider threat impact and more.

According to the security policies, established in the organization, only 100 users had legitimate access rights to the file. Only a specialized advanced DCAP system is capable of revealing that a document with confidential content is kept in publicly available storage and that users inside corporate perimeter, who don't have legitimate access rights to the file, access or process it.

As the digital transformation of business accelerates, risk and internal audit leaders shift their focus to managing technology-driven risk, according to AuditBoard. In a continuation of a trend identified by the 2023 survey, the top 2024 risk cited by internal audit leaders is cyber and data security, with more than 80% of respondents not only rating this risk highly but also giving it the top spot for expected audit efforts in 2024.

Google Play, Android's official app store, is now tagging VPN apps with an 'independent security reviews' badge if they conducted an independent security audit of their software and platform. Starting with VPN apps, which Google considers critical for user privacy and security due to handling sensitive data, the Play Store will display the "Independent security review" badge in the Data Safety Section.

Despite the EPA's willingness to provide training and technical support to help states and public water system organizations implement cybersecurity surveys, the move garnered opposition from both GOP state attorneys and trade groups. Republican state attorneys that were against the new proposed policies said that the call for new inspections could overwhelm state regulators.