GitHub has fixed a race condition vulnerability in its repository creation and user renaming operations that could have enabled threat actors to perform what is known as a repojacking attack. Discovered and disclosed by researchers from Checkmarx, had the flaw been exploited, it could have been used to take control of code repositories and hijack…
GitHub fixes race condition that could have led to ‘repojacking’ Read More »
Cloud-native network detection and response (NDR) specialist ExtraHop hopes to give security researchers and defenders a little extra help when it comes to defending against malware and botnet operations, by making its entire 16 million row domain generated by algorithm (DGA) dataset publicly available on GitHub. So-called DGAs are programs that use algorithmic generation to…
ExtraHop open sources 16 million rows of threat domain data Read More »
A nation-state threat actor backed by the North Korean government has begun a new phase of a nearly two-year-old campaign targeting legitimate cyber security researchers, leveraging an as-yet undisclosed zero-day to gain access to their victims. The zero-day in question was uncovered by Google’s Threat Analysis Group (TAG). It has been reported to the supplier whose…
North Koreans using new zero-day to target security researchers Read More »
Operational technology specialist Honeywell is to incorporate quantum computing-hardened encryption keys into its smart meters for electric, gas and water meters, through a partnership with sector specialist Quantinuum that it said will provide consumers with heightened protection from future cyber threats. The deal makes Honeywell the first to deploy quantum encryption in such a way,…
Honeywell goes quantum to protect utilities from future threats Read More »
Imagine the prospect of the first day in a new job as a software developer. Beyond the meetings with HR, managers and team leaders, there is also likely to be a stack of training material and documentation around company policies to get through. These things precede the really hard stuff, which is around getting to…
Tips for improving software developer productivity Read More »
I believe a part of making sense out of the issue of artificial intelligence (AI) in the world of cyber comes down to definitions. AI is the idea that a machine can mimic human intelligence, while machine learning (ML) teaches a machine how to perform a task and identify patterns. A lot of cyber security…
Does AI have a future in cyber security? Yes, but only if it works with humans Read More »
Earlier in July, Meta, the parent company of Facebook, announced the availability of Llama 2, which will be made available in the Microsoft Azure AI model catalogue, as well as AWS. Meta describes Llama 2 as “the next generation” of its open source large language model. But while it is free for research and commercial…
