open source

Best practices to beat container misconfiguration

While misconfigured containers are a major challenge in cloud security, this can often be traced to shortcuts to cloud and containerisation divorced from the overall strategy. Focus on technical and tactical migrations, or even managing revenues, can be to the detriment of risk management and business results, with Drew Firment, chief cloud strategist at learning…

Best practices to beat container misconfiguration Read More »

Patch GitLab vuln without delay, users warned

The US Cybersecurity and Infrastructure Security Agency (CISA) has this week added a vulnerability that was first disclosed in January in the GitLab open source platform to its Known Exploited Vulnerabilities (KEV) catalogue, prompting a flurry of warnings urging users of the service to apply available patches immediately. Tracked as CVE-2023-7028 and discovered through GitLab’s…

Patch GitLab vuln without delay, users warned Read More »

IR35: HMRC restores Github access to deleted CEST source code, but confirms update data lost

HM Revenue & Customs (HMRC) has confirmed the Github repository housing the source code for its online IR35 employment status checker tool has been restored, after it was deleted “in error” during a platform migration. The government tax collection agency recently completed the process of migrating its Check Employment Status for Tax (CEST) tool to…

IR35: HMRC restores Github access to deleted CEST source code, but confirms update data lost Read More »

AMD Begins Polaris and Vega GPU Retirement Process, Reduces Ongoing Driver Support

As AMD is now well into their third generation of RDNA architecture GPUs, the sun has been slowly setting on AMD’s remaining Graphics Core Next (GCN) designs, better known by the architecture names of Polaris and Vega. In recent weeks the company dropped support for those GPU architectures in their open source Vulkan Linux driver,…

AMD Begins Polaris and Vega GPU Retirement Process, Reduces Ongoing Driver Support Read More »

Cash-strapped cyber pros go rogue on the dark web

Cyber professionals frustrated with stagnating salaries and poor working conditions are increasingly turning to the cyber criminal underground to increase their pay, cover expenses and replace dried-up work, the Chartered Institute of Information Security (CIISec) has warned in its latest State of the profession report. The study highlighted that a lack of appropriate remuneration is…

Cash-strapped cyber pros go rogue on the dark web Read More »

OSS leaders detail commitments to bolster software security

The operators of leading open source software (OSS) package repositories, including the Python Software Foundation and the Rust Foundation, have set out the actions they are taking to help better secure and protect the open source software (OSS) ecosystem, underscored by a series of high-profile OSS flaws in the past few years, most notably Log4Shell.…

OSS leaders detail commitments to bolster software security Read More »

Kaspersky opens up over spyware campaign targeting its staffers

Kaspersky has shared more details of a novel iOS spyware that it discovered earlier this year when its own devices came under attack in a campaign dubbed Operation Triangulation. Dozens of Kaspersky employees are understood to have been affected by the advanced persistent threat (APT) campaign, which employed a “sophisticated method” of distributing zero-click exploits…

Kaspersky opens up over spyware campaign targeting its staffers Read More »

Research team tricks AI chatbots into writing usable malicious code

Researchers at the University of Sheffield said they have successfully fooled a number of natural language processing (NLP) generative artificial intelligence (GenAI) tools – including ChatGPT – into producing effective code that can be used to launch real-world cyber attacks. The potential for tools like ChatGPT to be exploited and tricked into writing malicious code…

Research team tricks AI chatbots into writing usable malicious code Read More »

38TB Microsoft data leak highlights risks of oversharing

Microsoft has learned an important lesson after having to clean up a major data leak resulting from an “overly permissive” shared access signature (SAS) token accidentally disclosed by one of its employees. The incident took place in June 2023, when a Microsoft researcher shared a URL for an Azure Blob store in a public GitHub repository…

38TB Microsoft data leak highlights risks of oversharing Read More »

CMA focuses on data for AI foundation model

Accountability, access, diversity, choice, flexibility and transparency are among the key principles the Competition and Markets Authority (CMA) has set out in its preliminary report on foundational AI models. Discussing the report, Sarah Cardell, CEO of the CMA, said: “The speed at which AI is becoming part of everyday life for people and businesses is…

CMA focuses on data for AI foundation model Read More »

Shopping Cart
Shopping cart0
There are no products in the cart!
Continue shopping
0
Scroll to Top