Further, with regard to open source security risks, the report reveals a 650% year over year increase in supply chain attacks aimed at upstream public repositories, and a fascinating dichotomy pertaining to the level of known vulnerabilities present in popular and non-popular project versions. Open source supply, demand, and security dynamics Supply increased 20%. The top four open source ecosystems now contain a combined 37,451,682 different versions of components.
Millions of devices running the HP Omen Gaming Hub were using on a driver with a bug that could give attackers kernel-mode access without administrator privileges. HP has since released a patch, but a new report on the flaw from researchers from SentinelLabs details how the gaming software was built in part by copying code from a problematic open-source driver called WinRing0.
For CISOs, juggling the vast scale of a tech stack and the attackers using increasingly sophisticated techniques calls for a new approach to security to keep systems, data, and devices safe. We get alerts from our development platforms, the Continuous Integration system, the security monitoring tools, even our watches.
A just-patched, critical remote code-execution vulnerability in the Atlassian Confluence server platform is suffering wide-scale exploitation, the Feds have warned - as evidenced by an attack on the popular Jenkins open-source automation engine. Atlassian Confluence is a collaboration platform where business teams can organize its work in one place: "Dynamic pages give your team a place to create, capture, and collaborate on any project or idea," according to the website.
With COVID-19 variants on the rise, widespread remote work may be sticking around longer than IT leaders would like, which comes with a heightened risk for cyberattacks that could expose customer data, steal company information, or take control of internal operations. Three out of four "Common" data security breaches are caused by privilege misuse - when employees have unrestricted access to a system even when it's not needed to do their job.
On Tuesday, the FBI and CISA released an advisory, warning organizations to "Remain vigilant" to cybersecurity threats heading toward the holiday weekend. The federal advisory makes note of "Recent holiday targeting," stating that "Cyber actors have conducted increasingly impactful attacks against U.S. entities on or around holiday weekends." Neither FBI nor CISA has information about a cyberattack "Coinciding with upcoming holidays and weekends," per the advisory, but the document says cybercriminals may see holidays and weekends as "As attractive timeframes" to "Target potential victims."
Hackers can easily access devices through mobile apps. Mobile app security threats have arisen over the years.
The Boston Public Library has disclosed today that its network was hit by a cyberattack on Wednesday, leading to a system-wide technical outage. It is the third-largest public library in the United States behind the federal Library of Congress and the New York Public Library, based on the total number of items it holds.
This form of encryption essentially creates a virtual safe for your data that can only be unlocked with a passcode. If encryption is so easy, why don't people do it?
Zero-trust is a good way to prevent hackers from gaining control of our infrastructure and energy industries, expert says. TechRepublic's Karen Roby spoke with Greg Valentine, solution director for Capgemini, about cybersecurity in the energy sector.