Leaders of cryptography took to the RSA Conference keynote stage to debate AI and blockchain
Daily Archives: June 7, 2022
#RSAC: Cybersecurity Industry Can Provide Soulful Jobs for Technologists Tired of Soulless Social Media Employers
The cybersecurity industry must capitalize, argued Bryan Palmer during his keynote talk at the RSA Conference
Virtru launches open-source project OpenTDF
Data protection provider Virtru is expanding its portfolio of encryption and privacy applications with the launch of its OpenTDF project, an open-source initiative to enable a universal standard for data control. By leveraging OpenTDF, developers can encrypt and protect sensitive data, and incorporate zero trust data control into their applications.
Virtru founder and CTO Will Ackerly’s first iteration of the project served as a function within in the U.S. National Security Agency (NSA), and it has also appeared as an open specification that the U.S. Office of the Director of National Intelligence (ODNI) hosted. Over time, the specification of TDF, or Trusted Data Format, has consistently informed efforts to facilitate sharing of sensitive data across disparate domains. Now, with OpenTDF’s launch, developers can access software development kits (SDKs), hosted in the OpenTDF GitHub repo, which simplifies how applications capable of governing sensitive data are built as it navigates through documents, video feeds, IoT sensors, and multi-party analytics.
Top 10 Malware April 2022
In April 2022, with the exception for both CryptoWall and RedLine returning to the Top 10, the lineup remained consistent with the previous month’s malware.
#RSAC: The Growing Relevance and Challenges of Privacy
Privacy is becoming a business issue, according to a panel of chief privacy officers at the RSA Conference 2022
USN-5464-1: E2fsprogs vulnerability
Nils Bars discovered that e2fsprogs incorrectly handled certain file
systems. A local attacker could use this issue with a crafted file
system image to possibly execute arbitrary code.
CVE-2020-36530
A vulnerability classified as critical was found in SevOne Network Management System up to 5.7.2.22. This vulnerability affects the Alert Summary. The manipulation leads to sql injection. The attack can be initiated remotely.
CVE-2020-36529
A vulnerability classified as critical has been found in SevOne Network Management System up to 5.7.2.22. This affects the file traceroute.php of the Traceroute Handler. The manipulation leads to privilege escalation with a command injection. It is possible to initiate the attack remotely.
CVE-2020-36528
A vulnerability, which was classified as critical, was found in Platinum Mobile 1.0.4.850. Affected is /MobileHandler.ashx which leads to broken access control. The attack requires authentication. Upgrading to version 1.0.4.851 is able to address this issue. It is recommended to upgrade the affected component.
CVE-2020-36527
A vulnerability, which was classified as problematic, has been found in Server Status. This issue affects some unknown processing of the component HTTP Status/SMTP Status. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.