Cybersecurity

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Community Rules

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

founded 2 years ago

Microsoft warned customers this Tuesday to patch a critical TCP/IP remote code execution (RCE) vulnerability with an increased likelihood of exploitation that impacts all Windows systems using IPv6, which is enabled by default.

Multiple high-profile open-source projects, including those from Google, Microsoft, AWS, and Red Hat, were found to leak GitHub authentication tokens through GitHub Actions artifacts in CI/CD workflows.

High-end bicycles used for high-profile road races such as the Tour de France are vulnerable to cybersecurity attacks targeting the bike’s wireless gear shifting system.

In recent years, bicycle manufacturers have adopted wireless gear-shifting technology, which gives riders better control over changing gears. The technology is not vulnerable to the physical issues that plague mechanical systems. However, the way the wireless systems were built created critical cybersecurity vulnerabilities, which a team of computer scientists from the University of California San Diego and Northeastern University have uncovered.

The conversation around cybersecurity is abuzz with product pitches and promises of technological cure-alls, according to Exabeam CISO Tyler Farrar, who argues professionals need to reclaim the discussion.

Security analyst sides with Mitre, describes flaw as ‘fantastic win for phishing campaigns.’

The CVSS 9.8 authentication bypass in Ivanti's traffic manager admin panel already has a proof-of-concept exploit (PoC) lurking in the wild.

Organizers and participants at the DEF CON Voting Village found cyber vulnerabilities in everything from voting machines to e-poll books, but there is no time before the November elections to fully implement their findings.

As AMD has no intention of releasing a patch for the Ryzen 3000 series and below, what can users do to protect themselves?

I can assume a few things:

  1. Do not run any untrusted software and closed source software in general.

  2. Do not run untrusted OSes and distros. Also disable ability to boot from external devices.

  3. Sandboxing (e.g. flatpaks) won't give you any protection, as it does not protect against kernel exploits.

  4. VMs can give defense if you need to run untrusted apps. Probably it is good to run networking apps in a VM also.

What else? What about web browsers? What are you going to do with affected devices if you have them?

The Defense Advanced Research Projects Agency launches TRACTOR program to work with university and industry researchers on creating a translation system that can turn C code into secure, idiomatic Rust code.

The FBI announced on Monday that it seized the servers and websites of the Radar/Dispossessor ransomware operation following a joint international investigation.

The treaty would allow any country to request technology firms to aid in cybercrime investigations and preserve data about their users — potentially imperiling penetration testers and security researchers, among others.

South Korea's ruling party, People Power Party (PPP), claims that North Korean hackers have stolen crucial information about K2 tanks, the country's main battle tank, as well as its "Baekdu" and "Geumgang" spy planes.

Attackers impersonating the Security Service of Ukraine (SSU) have used malicious spam emails to target and compromise systems belonging to the country's government agencies.

The company has decided not to extend these updates to its Ryzen 1000, 2000, and 3000 series processors or its Threadripper 1000 and 2000 models.
