Security | News, how-tos, features, reviews, and videos
Trusting but verifying the code in the security software you use may not be an easy task, but it’s a worthwhile endeavor. Here are some recommended actions.
Software providers continue to rely on community support to help them identify code mistakes that can lead to malicious attacks.
Build artifacts generated by GitHub Actions often contain access tokens that can be abused by attackers to push malicious code into projects or compromise cloud infrastructure.
Customers of Oracle subsidiary NetSuite’s ERP offering may be unaware that their custom record types grant unauthenticated access to sensitive data readily consumable via NetSuite’s APIs.
The goal of the AI Risk Repository, its creators say, is to provide an accessible and updatable overview of the risk landscape.
The zero-click hole, which was patched by Microsoft Tuesday, could point to far more vulnerabilities in the form-based architecture of Outlook.
Both vulnerabilities score above 9 on CVSS and can allow access to sensitive data if not patched immediately.
The conversation around cybersecurity is abuzz with product pitches and promises of technological cure-alls, according to Exabeam CISO Tyler Farrar, who argues professionals need to reclaim the discussion.
Microsoft’s August Patch Tuesday covered 10 zero-day flaws, of which six are being exploited in the wild and four are publicly disclosed.
After years of review, the National Institute of Standards and Technology has chosen three encryption algorithms as the basis for its post-quantum security strategy.