Security News
Plus more pain for Intel which fixed 43 bugs, SAP and Adobe also in on the action Patch Tuesday Microsoft has disclosed 90 flaws in its products – six of which have already been exploited – and...
Microsoft has released the KB5041580 cumulative update for Windows 10 22H2 and Windows 10 21H2, which includes 14 changes and fixes, including BitLocker fixes and important security updates. [...]
The bug allows malicious software and rogue privileged users with access to the operating system kernel to run code in System Management Mode, a highly privileged execution environment present in x86 processors from Intel and AMD. SinkClose is unique to AMD. SMM sits below the kernel and hypervisor, as well as applications, in that the management mode has unrestricted access to and control of the machine. ZenHammer comes down on AMD Zen 2 and 3 systems Apple, AMD, Qualcomm GPU security hole lets miscreants snoop on AI training and chats What's going on with AMD funding a CUDA translation layer, then nuking it? AMD's latest desktop CPUs feature lower prices yet again as Intel readies a fightback.
Nightfall AI's research revealed that secrets like passwords and API keys were most often found in GitHub, with nearly 350 total secrets exposed per 100 employees every year. Companies who have embraced modern cloud, SaaS and GenAI environments have only just begun to uncover the hidden risks of secret sprawl, which occurs when sensitive information like API keys or passwords are spread to apps, files and messages where they don't belong.
Attackers impersonating the Security Service of Ukraine (SSU) have used malicious spam emails to target and compromise systems belonging to the country's government agencies. [...]
Secureworks CEO Wendy Thomas, who visited Australia in July 2024, told TechRepublic that the XDR offering was appealing to mid-market customers in Australia who may not have the budget or capabilities to build their own security operations centre but are concerned about the possibility of cyber attacks - especially after a number of large local breaches in the region. Thomas added that the future of cyber security in Australia and APAC could include more offensive operations from governments in cooperation with private-sector security providers to disrupt or take down threat actors.
Maybe not surprising then that cloud security often tops the CISO agenda but it's a complex topic to keep on top of. Entirely free of charge, this annual meeting of top security minds is an opportunity for security professionals everywhere to learn from, and network with, experts and peers to build on their existing cloud security knowledge.
Scout Suite is an open-source, multi-cloud security auditing tool designed to assess the security posture of cloud environments. By leveraging the APIs provided by cloud vendors, Scout Suite collects and organizes configuration data, making it easier to identify potential risks.
Traditional cloud security issues often associated with cloud service providers are continuing to decrease in importance, according to the Top Threats to Cloud Computing 2024 report by the Cloud Security Alliance. "It's tempting to think that the reason the same issues have remained in the top spots since the report was last issued stems from a lack of progress in securing these features. The larger picture speaks to the importance placed on these vulnerabilities by organizations and the degrees to which they are working to build ever more secure and resilient cloud environments," said Michael Roza, co-chair, Top Threats Working Group.
Almost 2.7 billion records of personal information for people in the United States were leaked on a hacking forum, exposing names, social security numbers, all known physical addresses, and...