In 2018, industry and academic researchers revealed a potentially devastating hardware flaw that made computers and other devices worldwide vulnerable to attack. Researchers named the vulnerability Spectre because the flaw was built into modern computer processors that get their speed from a technique called “speculative execution,” in which the processor predicts instructions it might end up executing…
Australia has decided that six-year-old children need education on cyber-security, even as it removes other material from the national curriculum. A newly revised draft of the national curriculum for children aged five to sixteen, launched yesterday, added a new strand titled “Considering privacy and security” that “involves students developing appropriate techniques for managing data, which…
Governance & Risk Management , IT Risk Management , Patch Management Permanent Fix Replaces Earlier Workaround Scott Ferguson (Ferguson_Writes) • May 3, 2021 Ivanti, parent company of Pulse Secure, published a permanent fix Monday for a zero-day vulnerability in Pulse Connect Secure VPN products that has been exploited to target U.S. government agencies,…
The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them. Synthesis of the vulnerability An attacker can trigger a buffer overflow via iNotes of HCL Domino, in order to trigger a denial of service, and possibly to run code.Impacted products: Domino by HCL,…
The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them. Synthesis of the vulnerability An attacker can trigger a fatal error via UUID Explain of MongoDB Server, in order to trigger a denial of service.Vulnerable software: MongoDB Server.Severity of this announce: 2/4.Creation date:…
Most mobile app users tend to blindly trust that the apps they download from app stores are safe and secure. But that isn’t always the case. To demonstrate the pitfalls and identify vulnerabilities on a large scale, cybersecurity and machine intelligence company CloudSEK recently provided a platform called BeVigil where individuals can search and check…
Fifteen people from various backgrounds have recently left a cave in south-west France after 40 days underground. The experiment was designed to see how the absence of clocks, daylight and external communications would affect the participants’ sense of time. Project director Christian Clot and Marina Lançon, one of the volunteers in the study, told BBC…
Agency Warns Attackers Could Use IT Exploits to Pivot to OT Systems Akshaya Asokan (asokan_akshaya) • May 1, 2021 The U.S. National Security Agency is offering operational technology security guidance for the Defense Department as well as third-party military contractors and others in the wake of the SolarWinds supply chain attack. See Also:…
On World Press Freedom Day, the journalist discusses attacks on female reporters and disinformation.
Researchers Uncover Iranian State-Sponsored Ransomware Operation | IT Security News 3. May 2021 Iran has been linked to yet another state-sponsored ransomware operation through a contracting company based in the country, according to new analysis.“Iran’s Islamic Revolutionary Guard Corps (IRGC) was operating a state-sponsored ransomware campaign through an Iranian contracting company called ‘Emen Net Pasargard’…
