Vulnerability Management

Related events

Related Videos

A glowing red exclamation point inside a glowing red triangle on a glowing red digital background

Over 700M EA user accounts exposed by critical account system flaw

SC StaffNovember 7, 2024

Extensive account exposure by a misconfigured API was discovered by game developer and ethical hacker Sean Kahler through a developer testing environment privileged access token obtained following the identification of hardcoded credentials in a game's executable.

Debugging binary code with bug inside magnifying glass

Vulnerability Management

IBM Security Verify Access impacted by dozens of bugs

SC StaffNovember 6, 2024

Malicious multi-factor authenticators could be added by threat actors to ISVA through the abuse of the solution's authentication bypass issue and back-end access, which could then allow complete infrastructure takeovers, noted Barre.

An Android statue is displayed in front of a building on the Google campus on January 31, 2022 in Mountain View, California. (Photo by Justin Sullivan/Getty Images)

Vulnerability Management

Active exploitation of Android vulnerabilities ongoing

SC StaffNovember 6, 2024

Leading the actively exploited bugs is an Android Framework privilege escalation issue, tracked as CVE-2024-43093, which could be utilized to facilitate unauthorized Android directory and sub-directory access.

AI/ML

Machine learning platform vulnerabilities detailed

SC StaffNovember 5, 2024

Weights and Biases' open-source Weave toolkit for generative artificial intelligence development has been impacted with a directory traversal flaw, tracked as CVE-2024-7340, which could be leveraged to facilitate unauthorized file access and privilege escalation, while ML pipeline management platform ZenML Cloud was affected by an improper access control bug.

Cisco sign near Cisco headquarters campus in Silicon Valley.

Data Security

Cisco downplays impact of DevHub portal hack

SC StaffNovember 5, 2024

Included in the leaked files were data for Cisco clients and other DevHub users, as well as certain CX Professional Services customers, who have already been informed about the breach.

AI/ML

Google’s Big Sleep LLM agent discovers exploitable bug in SQLite

Laura FrenchNovember 4, 2024

The Gemini 1.5 Pro-driven agent used variant analysis to discover the stack buffer underflow flaw.

Network Security

FCA urges firms to boost operational resilience post-CrowdStrike disruption

Dan RaywoodNovember 4, 2024

According to the UK's FCA, third-party related issues were the leading cause of operational incidents reported between 2022 and 2023.

Vulnerability Management

Related events

Exposure management: How organizations can use it to build cyber resilience

CISO Perspectives to Improve/Optimize Vulnerability Management

Balancing Act: Prioritizing Vulnerabilities and Misconfigurations in Vulnerability Management

Related Videos

Transform cybersecurity with process mining

Security for the modern workforce

Log4j vulnerability response for banks: ‘This is not a quick process’

Over 700M EA user accounts exposed by critical account system flaw

IBM Security Verify Access impacted by dozens of bugs

Active exploitation of Android vulnerabilities ongoing

Machine learning platform vulnerabilities detailed

Cisco downplays impact of DevHub portal hack

Google’s Big Sleep LLM agent discovers exploitable bug in SQLite

FCA urges firms to boost operational resilience post-CrowdStrike disruption