A newly discovered series of four dangerous flaws in the Common Unix Printing System (Cups), which is used across virtually all GNU/Linux distros including Debian, Red Hat and SUSE, as well as Apple macOS and Google Chrome/Chromium among other things, is causing alarm bells to ring for security professionals over the potential scope of the…
Printing vulnerability affecting Linux distros raises alarm Read More »
Thousands of applications that have taken advantage of open source Python Package Index (PyPI) software packages may be at risk of hijacking and subversion by malicious actors, opening up the possibility of major supply chain attacks affecting even greater numbers of downstream organisations and users. That is according to threat researchers at jFrog, who identified…
PyPI loophole puts thousands of packages at risk of compromise Read More »
The UK’s National Cyber Security Centre (NCSC) and its counterpart bodies in the Five Eyes intelligence alliance have joined partners from Czechia, Estonia, Germany, Latvia and Ukraine to identify a Russian military cyber unit that has been conducting a sustained campaign of malicious activity over the past four years. Part of the Main Directorate of…
NCSC and allies call out Russia’s Unit 29155 over cyber warfare Read More »
It’s almost become a cliché to say that data is the lifeblood of the modern enterprise. However, Claire Thompson, group chief data and analytics officer (CDAO) at financial services firm L&G, says data has always been crucial to big firms. What’s changed during the past few years, particularly in her sector, is a recognition of…
Women in data: Claire Thompson, chief data officer, L&G Read More »
Security leaders and software developers will benefit from deeper visibility into their organisations’ software development security posture as they work, bolstering moves towards the nirvana of so-called secure-by-design code, with the introduction of an industry-first solution from sector specialist Secure Code Warrior (SCW). SCW Trust Agent comes hot on the heels of the introduction of…
Innovations to power secure-by-design development Read More »
While data has the potential to boost the UK economy significantly, the links between data and AI are not sufficiently understood. If we are to seize this potential and position the UK as a global AI superpower, as the National AI Strategy aims to do, we must get a grip on data infrastructure in order…
Data is the key to unlocking the UK’s AI potential Read More »
The operators of leading open source software (OSS) package repositories, including the Python Software Foundation and the Rust Foundation, have set out the actions they are taking to help better secure and protect the open source software (OSS) ecosystem, underscored by a series of high-profile OSS flaws in the past few years, most notably Log4Shell.…
OSS leaders detail commitments to bolster software security Read More »
iOS 18 will deliver Apple’s first generative AI features for iPhone. That’s the expectation, at least, considering what’s available out there. ChatGPT, Microsoft Copilot, and Google Gemini are only getting better, with updates dropping frequently. Apple isn’t ready to announce anything. But Tim Cook did tease recently big AI announcements for later this year. That…
I hope iOS 18 will bring generative AI like ChatGPT to the iPhone search Read More »
Microsoft has learned an important lesson after having to clean up a major data leak resulting from an “overly permissive” shared access signature (SAS) token accidentally disclosed by one of its employees. The incident took place in June 2023, when a Microsoft researcher shared a URL for an Azure Blob store in a public GitHub repository…
38TB Microsoft data leak highlights risks of oversharing Read More »
GitHub has fixed a race condition vulnerability in its repository creation and user renaming operations that could have enabled threat actors to perform what is known as a repojacking attack. Discovered and disclosed by researchers from Checkmarx, had the flaw been exploited, it could have been used to take control of code repositories and hijack…
GitHub fixes race condition that could have led to ‘repojacking’ Read More »
