Key Takeaways From The Take Command Summit: Enhancing Cybersecurity Culture
Building a resilient cybersecurity culture is crucial in today's digital landscape. The recent Rapid7 Take Command Summit session titled "Commander in Chief: Enhancing Cybersecurity Culture" offered valuable insights into fostering a strong security mindset within organizations. Here are three ke...
Increasing transparency in cloud security: Wiz is now a CVE Numbering Authority (CNA)
Our next steps and hope for the industry...
Atari Asteroids Hack Sparks Debate on Blockchain Gaming Transparency
Atari's Asteroids game was exposed as a fake "on-chain" experience. Stackr Labs reveals how the game's leaderboard was...
Video with alpha transparency on the web
I've been helping some teams at Shopify improve page load performance, and the issue of 'videos with an alpha channel' kept coming up, where videos of UI mocks needed to be composited on top of inconsistent backgrounds, such as larger CSS backgrounds. Often a good solution here is to create the...
How a Trust Center Solves Your Security Questionnaire Problem
Security questionnaires aren't just an inconvenience — they're a recurring problem for security and sales teams. They bleed time from organizations, filling the schedules of professionals with monotonous, automatable work. But what if there were a way to reduce or even altogether eliminate securi...
ZDI Slams Microsoft for Not Crediting It in Last Week’s Patch Tuesday
Microsoft faces backlash from the Zero Day Initiative (ZDI) and security researchers over lack of transparency in vulnerability disclosure...
Toward greater transparency: Unveiling Cloud Service CVEs
Welcome to the second installment in our series on transparency at the Microsoft Security Response Center (MSRC). In this ongoing discussion, we discuss our commitment to provide comprehensive vulnerability information to our customers. At MSRC, our mission is to protect our customers, communities,...
Google will start deleting location history
Google announced that it will reduce the amount of personal data it is storing by automatically deleting old data from "Timeline" (the feature that, previously named "Location History," tracks user routes and trips based on a phone's location, allowing people to revisit all the places they've been) ...
HackerOne: [ Spot Check ] Team members can edit a user's write-up
Team members could edit a user's spot check write-up. The write-up could be modified through a GraphQL request, even though there was no option to edit the write-up in the user interface. This was considered unintended functionality, as HackerOne had previously fixed vulnerabilities where team...
On the Zero-Day Market
New paper: "Zero Progress on Zero Days: How the Last Ten Years Created the Modern Spyware Market": Abstract: Spyware makes surveillance simple. The last ten years have seen a global market emerge for ready-made software that lets governments surveil their citizens and foreign adversaries alike an...
AI Trust Risk and Security Management: Why Tackle Them Now?
Co-authored by Sabeen Malik and Laura Ellis. In the evolving world of artificial intelligence (AI), keeping our customers secure and maintaining their trust is our top priority. As AI technologies integrate more deeply into our daily operations and services, they bring a set of unique challenges tha...
com.appmattus.certificatetransparency:certificatetransparency (>=0.3.0 <=1.1.1), com.appmattus.certificatetransparency:certificatetransparency-android (>=0.3.0 <=1.1.1) +27 more potentially affected by CVE-2024-30171 via org.bouncycastle:bctls-jdk15to18 (>=1.66 <=1.70)
org.bouncycastle:bctls-jdk15to18 MAVEN version =1.66, =0.3.0, =0.3.0, =2.0.0, =1.0.0, =1.0.0, =5.23.1, =3.8.1, =1.9.1, =1.0.0-LOCAL, =1.0.0, =2.15.1, =1.0.2, =1.8.1, =1.8.6 and more Source cves: CVE-2024-30171 Source advisory: OSV:GHSA-V435-XC8X-WVR9...
Rapid7 Signs 100% Talent Compact with Boston Women’s Workforce Council
The effort aims to help close gender and racial pay gaps. Rapid7 is proud to announce their signing of the 100% Talent Compact through the Boston Women's Workforce Council (BWWC). The Talent Compact is a collective effort among the Boston Mayor and local employers to close the gender and racial wage...
Security Bulletin: Multiple vulnerabilities in moment.js affect IBM Storage Scale
Summary: There are multiple vulnerabilities in moment.js, used by IBM Storage Scale HDFS transparency, which can cause a denial of service or allow a remote attacker to traverse directories on the system. CVE-2017-18214, CVE-2022-24785, CVE-2016-4055, CVE-2022-31129. Vulnerability Details...
CISO Perspectives on Complying with Cybersecurity Regulations
Compliance requirements are meant to increase cybersecurity transparency and accountability. As cyber threats increase, so do the number of compliance frameworks and the specificity of the security controls, policies, and activities they include. For CISOs and their teams, that means compliance i...
BIT-COSIGN-2024-29903 Cosign vulnerable to machine-wide denial of service via malicious artifacts
Cosign provides code signing and transparency for containers and binaries. Prior to version 2.2.4, maliciously-crafted software artifacts can cause denial of service of the machine running Cosign thereby impacting all services on the machine. The root cause is that Cosign creates slices based on...
CVE-2024-29902
Cosign provides code signing and transparency for containers and binaries. Prior to version 2.2.4, a remote image with a malicious attachment can cause denial of service of the host machine running Cosign. This can impact other services on the machine that rely on having memory available such as ...
CVE-2024-29903 Cosign vulnerable to machine-wide denial of service via malicious artifacts
Cosign provides code signing and transparency for containers and binaries. Prior to version 2.2.4, maliciously-crafted software artifacts can cause denial of service of the machine running Cosign thereby impacting all services on the machine. The root cause is that Cosign creates slices based on...
CVE-2024-29902 Cosign vulnerable to system-wide denial of service via malicious attachments
Cosign provides code signing and transparency for containers and binaries. Prior to version 2.2.4, a remote image with a malicious attachment can cause denial of service of the host machine running Cosign. This can impact other services on the machine that rely on having memory available such as ...