Cybersecurity - The Stack (Page 24)

"Caught by the Fuzz" -- These free tools for hackers are also good for application security QA

Analysis by The Stack of over 90,000 vulnerabilities revealed a sharp growth in bugs associated with widely known “CWEs” – or potentially exploitable weaknesses that can occur in architecture, design, code, or implementation and which could potentially have been caught upstream in a secure development process. One control is to...

The Stack January 10, 2023

Read This

CircleCI

data breaches

CircleCI warns users to "immediately rotate all secrets" amid credential abuse evidence

Updated January 6, 11:00 BST: CircleCI has updated its advisory which deserves revisiting. CircleCI is calling on customers to “immediately rotate any and all secrets” after a security incident. The breach appears to have occurred around December 21 and to have gone unnoticed over the Christmas period. Credentials stolen...

The Stack January 05, 2023

Opinion: GCHQ's Director should not be playing guest editor on the BBC

Now was not the time...

Edward Targett January 03, 2023

CVEs

linux

vulnerabilities

Will this CVSS 10 Linux Kernel vuln ruin your holiday?

We're hopeful that Betteridge's law applies...

Edward Targett December 22, 2022

Peach and OSV-Scanner give fresh, free, food for thought on security

google

open source

Wiz

Peach and OSV-Scanner give fresh, free, food for thought on security

Two new cybersecurity tools “OSV-Scanner” and “Peach” that landed this week deserve attention – whether you are a CISO, Blue Team, or just trying to tighten up your application development or cloud practices. OSV-Scanner was released under an Apache 2.0 licence by Google. Peach is an open framework from Wiz...

The Stack December 15, 2022

2022's last Patch Tuesday brings Citrix, VMware, MSFT zero days

Critical Citrix, VMware, Microsoft vulnerabilities all need patching

The Stack December 14, 2022

Featured

malware

vmware

New malware discovered targeting VMware ESXi servers

Security researchers at Juniper Threat Labs say they have identified previously undocumented malware targeting VMware ESXi servers that is notable for its “simplicity, persistence and capabilities.” VMware’s ESXi is a bare metal hypervisor that is widely deployed in large enterprises to run software virtually, from applications to fully emulated...

The Stack December 13, 2022

Critical new pre-auth RCE Fortinet vulnerability exploited in wild

Fortinet has pushed out an emergency patch for a critical CVSS 9.3 vulnerability in numerous versions of its FortiOS operating system, which lets an unauthenticated, remote attacker (pre-auth RCE) take over systems. Critics would be forgiven for asking tough questions about QA and feeling like it was "deja...

The Stack December 13, 2022

"Caught by the Fuzz" -- These free tools for hackers are also good for application security QA

CircleCI warns users to "immediately rotate all secrets" amid credential abuse evidence

Opinion: GCHQ's Director should not be playing guest editor on the BBC

Will this CVSS 10 Linux Kernel vuln ruin your holiday?

Peach and OSV-Scanner give fresh, free, food for thought on security

2022's last Patch Tuesday brings Citrix, VMware, MSFT zero days

New malware discovered targeting VMware ESXi servers

Critical new pre-auth RCE Fortinet vulnerability exploited in wild