CISA launched a new software vulnerability enrichment program to fill the gap left by NIST’s National Vulnerability Database backlog
Monthly Archives: May 2024
#RSAC: Researchers Share Lessons from the World’s First AI Security Incident Response Team
Researchers from Carnegie Mellon University have shared an overview of their new AI Security Incident Response Team (AISIRT)
Six Austrians Arrested in Multi-Million Euro Crypto Scheme
Europol and Eurojust targeted the orchestrators of a cryptocurrency scam launched in December 2017
10,000 Customers’ Data Exposed in UK Government Breaches
The findings come from Apricorn, based on annual Freedom of Information (FOI) responses from 2023
Stephen Khan Receives Infosecurity Europe Hall of Fame Award, to Deliver Keynote on Four Essential Attributes CISOs Need to Succeed
The award recognises Khan’s outstanding contributions to the field and his role in shaping the cybersecurity industry
A Third of Tech CISOs Are Unhappy With Their Income
IANS Research data finds many tech CISOs are concerned about their compensation as salaries stagnate
MedStar Health and DocGo Reveal Data Breaches
MedStar Health and DocGo have become the latest US healthcare providers to announce cybersecurity incidents
DSA-5685-1 wordpress – security update
Several security vulnerabilities have been discovered in WordPress, a popular content management framework, which may expose sensitive information to an unauthorized actor in WordPress or allow unauthenticated attackers to discern the email addresses of users who have published public posts on an affected website via an oracle-style attack.
Furthermore, this update resolves a possible cross-site scripting vulnerability, a PHP file upload bypass via the plugin installer, and a possible remote code execution vulnerability, although the latter requires an attacker to control all the properties of a deserialized object.
DSA-5683-1 chromium – security update
Security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.