Blog

Dept of Defense engineer took home top-secret docs, booked a fishing trip to Mexico – then the FBI showed up

So much for that vacation A US Department of Defense electrical engineer has turned his world upside down after printing 155 pages from 20 documents, all of which were marked top secret and classified, from his DoD workspace, brought them home with him – and was collared on…

Infoseccers criticize Veeam over critical RCE vulnerability and a failing blacklist

Palming off the blame using an ‘unknown’ best practice didn’t go down well either In patching the latest critical remote code execution (RCE) bug in Backup and Replication, software shop Veeam is attracting criticism from researchers for the way it handles uncontrolled deserialization vulnerabilities.…

Too many software supply chain defense bibles? Boffins distill advice

How to avoid another SolarWinds, Log4j, and XZ Utils situation Organizations concerned about software supply chain attacks should focus on role-based access control, system monitoring, and boundary protection, according to a new preprint paper on the topic.…

The post-quantum cryptography apocalypse will be televised in 10 years, says UK’s NCSC

Wow, a government project that could be on time for once ... cos it's gonna be wayyyy more than a decade The UK's National Cyber Security Centre (NCSC) today started the post-quantum cryptography (PQC) countdown clock by claiming organizations have ten years to migrate to a safer future.…

Attackers swipe data of 500k+ people from Pennsylvania teachers union

SSNs, payment details, and health info too The Pennsylvania State Education Association (PSEA) says a July 2024 "security incident" exposed sensitive personal data on more than half a million individuals, including financial and health info.…

Names, bank info, and more spills from top sperm bank

Cyber-crime is officially getting out of hand One of the world's largest sperm banks, California Cryobank, is in a sticky situation.…

IBM scores perfect 10 … vulnerability in mission-critical OS AIX

Big Blue's workstation workhorse patches hole in network installation manager that could let the bad guys in IBM "strongly recommends" customers running its Advanced Interactive eXecutive (AIX) operating system apply patches after disclosing two critical vulnerabilities, one of which has a perfect 10 severity score.…

Ex-US Cyber Command chief: Europe and 5 Eyes can’t fully replicate US intel

Cue deepening existential European dread as Rest of World contemplates Trump turning off the info tap If the United States stopped sharing cyber-threat intel with Ukraine, its European allies and the rest of the Five Eyes nations wouldn't be able to provide all the info Uncle Sam collects,…

Show top LLMs buggy code and they’ll finish off the mistakes rather than fix them

One more time, with feeling ... Garbage in, garbage out, in training and inference Researchers have found that large language models (LLMs) tend to parrot buggy code when tasked with completing flawed snippets.…

CISA fires, now rehires and immediately benches security crew on full pay

DOGE efficiency in action The upheaval at the US government's Cybersecurity and Infrastructure Security Agency, aka CISA, took another twist on Tuesday, as it moved to reinstate staffers it had fired over the past few weeks - specifically those still in their probationary period - though they've been…

Copyright © 2024 Lugapel