software
HP Device Manager vulnerabilities may allow full system takeover
Three vulnerabilities affecting HP Device Manager, an application for remote management of HP Thin Client devices, could be chained together to achieve unauthenticated remote …
Review: ThreadFix 3.0
Maintaining a strong organizational security posture is a demanding task. Most best practices – e.g. CIS Controls, the OWASP Vulnerability Management Guide – …
iOS 14: New privacy and security features
Apple has released iOS 14, with a bucketload of new and improved functional features and a handful of privacy and security ones. New privacy and security features in iOS 14 …
Offensive Security releases Win-KeX 2.0, packed with new features
Win-KeX provides a Kali Desktop Experience for Windows Subsystem for Linux (WSL 2), and version 2.0 comes with useful features. Win-KeX 2.0 features Win-KeX SL (Seamless …
Attacks growing in both scope and sophistication, exposing gaps in the cloud native toolchain
There’s a growing, organized and increasingly sophisticated pattern of attacks on cloud native infrastructure, according to Aqua Security. While most attacks were aimed …
Securing Active Directory accounts against password-based attacks
Traditional password-based security might be headed for extinction, but that moment is still far off. In the meantime, most of us need something to prevent our worst instincts …
RedCommander: Open source tool for red teaming exercises
GuidePoint Security released a new open source tool that enables a red team to easily build out the necessary infrastructure. The RedCommander tool solves a major challenge …
Apple-notarized malware foils macOS defenses
Shlayer adware creators have found a way to get their malicious payload notarized by Apple, allowing it to bypass anti-malware checks performed by macOS before installing any …
Qualys Multi-Vector EDR: Protection across the entire threat lifecycle
Traditional endpoint detection and response (EDR) solutions focus only on endpoint activity to detect attacks. As a result, they lack the context to analyze attacks …
Worldwide AI spending to reach more than $110 billion in 2024
Global spending on AI is forecast to double over the next four years, growing from $50.1 billion in 2020 to more than $110 billion in 2024. According to IDC, spending on AI …
Confirmed: Browsing histories can be used to track users
Browsing histories can be used to compile unique browsing profiles, which can be used to track users, Mozilla researchers have confirmed. There are also many third parties …
Swap Detector: Open source tool for detecting API usage errors
GrammaTech has released Swap Detector, an open source tool that enables developers and DevOps teams to identify errors due to swapped function arguments, which can also be …