vulnerabilities (12)

Researchers at Google said last week that they have discovered the first vulnerability using a large language model.  In a blog post, Google said it believes the bug is the first public example of an AI tool finding a previously unknown exploitable memory-safety issue in widely used real-world software.  The vulnerability was found in SQLite, an open-source database engine popular among developers.

Google researchers reported the vulnerability to SQLite developers in early October, who fixed it

Intelligence agencies in Australia, Canada, New Zealand, the UK, and the US have published a list of the software vulnerabilities that were most frequently exploited in malicious attacks in 2022.  The Five Eyes agencies say threat actors mainly targeted internet-facing systems that were not patched against older, known vulnerabilities, including flaws for which Proof-of-Concept (PoC) exploit code exists publicly.

“Malicious cyber actors generally have the most success exploiting known vulnerabi

A vulnerability has been discovered in Adobe ColdFusion which could allow for arbitrary code execution.  Adobe ColdFusion is a commercial web-application development platform designed to build and deploy web applications.  Successful exploitation of this vulnerability could allow for arbitrary code execution in the context of the logged-on user.  Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts w

Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution.  Google Chrome is a web browser used to access the internet.  Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged-on user.  Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full us

Vulnerability management comprises the entirety of workflows geared toward maintaining an up-to-date inventory of a company's digital assets, checking them for imperfections, and addressing the detected security loopholes.  It revolves around the principle of monitoring and hardening the security condition of a corporate IT infrastructure continuously to ensure proactive defenses against different forms of exploitation.

There is a difference between the use of garden-variety vulnerability scanne

Our friends at the State of NJ, NJCCIC, have provided a valuable alert: Vulnerable VMware ESXi Servers Targeted in Ransomware Attacks.

Ransomware groups are actively exploiting a 2-year-old heap-overflow vulnerability, CVE-2021-21974 (CVSS v3.1 8.8), affecting OpenSLP used in VMware ESXi servers for versions 6.x and prior to 6.7, though threat actors may be leveraging other vulnerabilities or attack vectors, as earlier builds of ESXi appear to have also been compromised.  European cybersecurity

Cyber threats are an all too common danger for companies in all critical infrastructure sectors.  Historically, the threat of cyber-attack was thought to be largest against financial institutions, retail chains, and the medical sector.  However, as manufacturing has become more reliant on data and technology, the threat of cyber-attacks on the industry has grown.  This is especially true for critical manufacturing, like aviation and the defense industrial base (DIB), but true for any manufacturing.

GPS, or Global Positioning Systems, have become a staple of our lives – especially in the transportation sector.  Whether you are broadcasting your location for a rideshare or trying to find the quickest way to avoid traffic on your commute, it seems that paper maps and printed directions have become a thing of the past.  It comes as no surprise that the more we rely on interconnected devices, the more susceptible to cyber attacks we become.  This is exemplified through the Cybersecurity & Infras

Our Red Sky Alliance research predictions for 2021 are not necessarily in any order of importance, yet are presented as what we believe are the most important.

Ransomware…Ransomware… Ransomware

2020 saw a dramatic rise in ransomware activity.  While it is difficult to predict specifically what ransomware authors will do next, it can be expected that they will continue to do what has worked well for them in the past as long as it remains profitable.  Ransomware ‘payment’ amounts saw a 217% rise in 2020 f