by Paul Ducklin “PRIVATE KEY”: THE HINT IS IN THE NAME No audio player below? Listen directly on Soundcloud. With Doug Aamoth...

It was bound to happen sooner or later. For what looks like the first time ever, bug hunters used ChatGPT in a successful Pwn2Own...

by Paul Ducklin CAN WE STOP WITH THE “SOPHISTICATED” ALREADY? The birth of ENIAC. A “sophisticated attack” (someone got phished). A...

by Paul Ducklin Deciphering Microsoft’s official Update Guide web pages is not for the faint-hearted. Most of the information you need,...

Isaiah WashingtonFollowFeb 6·8 min readby Isaiah Washington$3B+ lost to smart-contract exploits in 2022 (Chainalysis) exposes the immaturity of the security landscape and the underuse...

Unpatched software is a computer code containing known security weaknesses. Unpatched vulnerabilities refer to weaknesses that allow attackers to leverage a known security bug that has not been patched by running malicious code. Software vendors write additions to the codes, known as "patches," when they come to know about these application vulnerabilities to secure these weaknesses. Adversaries

Popular cryptocurrency exchange Coinbase has a white hat hacker to thank after he discovered a potential security flaw that could have resulted in devastating losses for customers. Coinbase Could Have Been Stuck in a Rut The security engineer who discovered the problem goes by the name Tree of Alpha. A real name is unknown at...

The post A Coinbase Security Flaw Was Stopped Just in Time appeared first on Live Bitcoin News.

A straight-talking bug report written in plain English by an actual expert - there's a teachable moment in this cybersecurity story!

Researchers have revealed details of a now-patched high-severity security vulnerability in Apache Cassandra that, if left unaddressed, could be abused to gain remote code execution on affected installations. "This Apache security vulnerability is easy to exploit and has the potential to wreak havoc on systems, but luckily only manifests in non-default configurations of Cassandra," Omer Kaspi,

Several vulnerabilities, including some that have been rated “critical,” were found in the past months in Moxa’s MXview industrial network management software.

read more

The popular continuous-delivery platform has a path-traversal bug (CVE-2022-24348) that could allow cyberattackers to hop from one application ecosystem to another.

Network-attached storage (NAS) solutions manufacturer QNAP on Wednesday warned users of a DeadBolt ransomware campaign targeting their devices, encouraging them to correctly secure any Internet-facing NAS and routers.

read more