Security researchers have uncovered 16 zero-day vulnerabilities in Japanese equipment manufacturer Fuji Electric's Tellus and V-Server remote monitoring software that enable attackers to execute malicious code in devices commonly used by utilities and other critical infrastructure providers.
Wiz acquired application security posture management startup Dazz for $450 million to provide enterprises with a unified code-to-cloud solution. CEO Merav Bahat highlights how this partnership will streamline vulnerability management and strengthen remediation capabilities for global organizations.
Dennis Giese, a security researcher and engineer, built his first computer at around age 8 using spare parts. Years later, he hacked his first robotic vacuum cleaner. Giese reflects on his journey as a researcher and ethical hacker during HardPwn, a hardware hackathon hosted by Hardwear.io in Amsterdam.
Western governments should take a page from China's cybersecurity playbook and sponsor sector-specific capture-the-flag competitions, not just for talent development and recruitment but also to help forge strong "social bonds," says a new report from Washington think tank Atlantic Council.
Researchers demonstrated that multiple brands of EV charging stations have vulnerabilities due to manufacturers often leaving open and unsecured SSH and HTTP ports. The risks of these vulnerabilities range from an expanded attack surface to a launching pad for assaults on the power grid.
Despite heavy security investments, banks still struggle with basic security issues such as default passwords, vendor vulnerabilities and social engineering scams. Scott Weinberg, CEO of Neovera, shares a new report that shows banks of all sizes still grapple with these common risks.
Showcasing the latest innovations in hardware security, experts from more than 100 companies worldwide have gathered this week at Hardwear.io in Amsterdam. The annual event and hardware hackathon examines current and future challenges and solutions in hardware security.
A critical vulnerability in Open Policy Agent could expose NTLM credentials from Windows systems, potentially affecting millions of users. Researchers at Tenable warn that attackers could exploit the flaw through social engineering. Users must update to version v0.68.0 immediately to mitigate risks.
Security researchers have developed an AI tool that can detect remote code flaws and arbitrary zero-day code in software. Protect AI applied the tool to nearly 10,000 GitHub projects and on CVSS data and uncovered local file inclusion, cross-site scripting and remote code flaws in APIs.
Hackers may have circumvented a months-old patch for Fortinet gateway devices leading to a warning from the U.S. federal government over its active exploitation. Some security researchers say a February patch may not have fully squashed a flaw.
With the acquisition of New York-based startup Kivera, Cloudflare will enhance its Cloudflare One platform, adding proactive controls that secure cloud environments, prevent misconfigurations and improve regulatory compliance for businesses using multiple cloud providers.
Jana Partners has raised its stake in cybersecurity vendor Rapid7 to 13% and is pushing for the company to consider selling itself. The activist investor teamed up with Cannae Holdings and is engaged in discussions with Rapid7's management to explore operational improvements and board restructuring.
Google says switching to a memory-safe language such as Rust under its Safe Coding program has helped significantly reduce the number of vulnerabilities in Android systems. The number of vulnerabilities uncovered in Android devices has fallen from over 200 in 2019 to fewer than 50 by 2024.
Organizations face growing challenges from cyber incidents. Former CISOs Heather Lowrie and Jon Staniforth share insights on enhancing preparedness through cyber exercises, proactively communicating with law enforcement and ensuring consistent messaging during incidents.
Picus Security has received $45 million in funding led by Riverwood Capital. The investment will accelerate product development in exposure management, including attack surface management and automated pen testing. The company plans to expand further in the Americas, targeting key growth areas.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.