There is no software without bugs, right? While this is a common sentiment, we make assumptions that rely on the premise that software has no bugs in our day-to-day digital life. We trust identity providers (IDPs) to get authentication right, operating systems to perfectly comply with their specs, and financial transactions to always perform as…

Congress is considering a US federal privacy law. It’s been brewing for the last ten years and is getting closer. On July 20, 2022, the House Energy and Commerce Committee overwhelmingly voted (53-2) to advance the American Data Privacy and Protection Act (ADPPA), H.R. 8152, to the full House of Representatives. But there are still…

The flaw affects Time-Triggered Ethernet (TTE), a networking technology specifically designed for real-time applications and cyber-physical systems with high safety and availability requirements. TTE is often used to reduce costs and improve efficiency as it allows mission-critical components to exist on the same network hardware as less important systems. For instance, life support systems can…

For the second consecutive month, the world’s largest software maker rushed out patches to cover vulnerabilities that were already exploited as zero-days in the wild, including a pair of belated fixes for Microsoft Exchange Server security defects targeted by a state-sponsored threat actor for several months. As part of its scheduled Patch Tuesday update process,…

The world’s largest software maker is warning that China-based nation state threat actors are taking advantage of a one-year-old law to “stockpile” zero-days for use in sustained malware attacks. According to a new report released Friday by Microsoft, China’s government hacking groups have become “particularly proficient at discovering and developing zero-day exploits” after strict mandates…

A type of cyberattack targeting applications or websites, denial-of-service (DoS) attacks aim to exhaust the target system’s resources to render it inaccessible to legitimate users. DDoS attacks may target server vulnerabilities to overload network resources or to consume these resources through the reflection of a high volume of network traffic to the target, or may…

The round, which brings the total raised by the company to nearly $320 million, was led by BlackRock, with participation from Silicon Valley Bank (SVB). The investment will be used to expand go-to-market strategies and enhance the company’s offering. Versa SASE offers security, networking, and analytics in a single software operating system. The solution is…

Cybersecurity Awareness Month, which was previously known as National Cybersecurity Awareness Month, is in its 19th year. Launched under the guidance of the U.S. Department of Homeland Security and the National Cyber Security Alliance (NCSA), it aims to help Americans stay safe and secure online. This year’s campaign theme – See Yourself in Cyber –…

The vulnerability, which carries a CVSS severity score of 7.3/10, is documented as a debugging port misconfiguration that is opened by the Zoom client on macOS machines. Details from Zoom’s advisory: Zoom Client for Meetings for macOS (Standard and for IT Admin) starting with 5.10.6 and prior to 5.12.0 contains a debugging port misconfiguration. When…