Month: December 2022

Understanding the relationship between development operations (DevOps) and the agile software development (Scrum) framework is critical for organizations to create a secure, rapid application development lifecycle.  DevOps managers coordinate how...

Eufy, an Anker security camera brand, has been under fire for quite some time due to security concerns about uploaded footage, which it recently admitted. Eufy has received a lot...

The Linux Kernel has grown in scope and functionality over the years. New schedulers, new drivers, new filesystems, new communication protocols, new security holes… oh, wait. That last one is...

Talos researchers recently uncovered a phishing campaign that uses Scalable Vector Graphics (SVG) images embedded in HTML email attachments to distribute QBot malware. Basically, when the victim of this attack...

Frameworks are an effective tool in cybersecurity because of the complexity of cybersecurity challenges and because so many organizations have so little structure to their cybersecurity operations. Introduced in 2014,...

Google has launched OSV-Scanner, a free tool for open-source developers to easily access vulnerability information. It is said to include an interface to the OSV database which links a project’s...

VMware has released patches for a number of vulnerabilities, including a virtual machine escape flaw, CVE-2022-31705, which was exploited during the GeekPwn 2022 hacking challenge, as part of this month’s...

The U.S. National Security Agency has warned that a Chinese state-sponsored group is exploiting an unauthenticated remote code execution flaw (CVE-2022-27518) to compromise Citrix Application Delivery Controller (ADC) deployments. According...

Eclypsium Research has identified and reported three vulnerabilities in American Megatrends, Inc. (AMI) MegaRAC Baseboard Management Controller (BMC) software. This is used by AMD, Ampere, Asrock, Asus, Arm, Dell, Gigabyte, HPE,...

As part of developing and testing new patches, the KernelCare team has reevaluated the impact of the Retbleed patches. We have serious concerns that the patches may introduce instability and...

Google’s Threat Analysis Group discovered APT37, also known as Scarcruft or Reaper, a North Korean-linked hacking group, exploiting a zero-day vulnerability in Internet Explorer’s JScript engine by delivering malicious Microsoft...