Novel Exploit Chain Enables Windows UAC Bypass
Adversaries can exploit CVE-2024-6769 to jump from regular to admin access without triggering UAC, but Microsoft says it's not really…
Could Security Misconfigurations Become No. 1 in OWASP Top 10?
As Superman has kryptonite, software has weaknesses — with misconfigurations leading the pack.
Progress urges admins to patch critical WhatsUp Gold bugs ASAP
Progress Software warned customers to patch multiple critical and high-severity vulnerabilities in its WhatsUp Gold network monitoring tool as soon…
Memory-Safe Code Adoption Has Made Android Safer
The number of memory bugs in Android declined sharply after Google began transitioning to Rust for new features in its…
Google sees 68% drop in Android memory safety flaws over 5 years
The percentage of Android vulnerabilities caused by memory safety issues has dropped from 76% in 2019 to only 24% in…
Critical Ivanti vTM auth bypass bug now exploited in attacks
CISA has tagged another critical Ivanti security vulnerability, which can let threat actors create rogue admin users on vulnerable Virtual…
Microsoft Trims Cloud Cyberattack Surface in Security Push
The company has jettisoned hundreds of thousands of unused apps and millions of unused tenants as part of its Secure…
Innovator Spotlight: Qwiet
The volume of code needed is greater than ever while cycles to produce said code are shrinking. One of the…
CISA Releases Plan to Align Cybersecurity Across Federal Agencies
The FOCAL plan outlines baselines to synchronize cybersecurity priorities and policies across, as well as within, agencies.
Ivanti’s Cloud Service Appliance Attacked via Second Vuln
The critical bug, CVE-2024-8963, can be used in conjunction with the prior known flaw to achieve remote code execution (RCE).