#intel

A rundown of Talos open-source software tools, which anyone in the security community can download for free, and use for research, skills, training, or integration into existing security infrastructure.

Newly released documents highlight the bureau's continued secrecy around cell-site simulators—spying tech that everyone already assumes exists.

The Abandoned Cart Lite for WooCommerce and Abandoned Cart Pro for WooCommerce plugins for WordPress are vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 5.1.3 and 7.12.0 respectively, due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in user input that will execute on the admin dashboard.

The company says its Themis Co-pilot for Outlook helps recipients discern business email compromise attacks, reducing false positives for security staff.

This article is the last in a six-part series (see my previous blog) presenting various usage models for Confidential Computing, a set of technologies designed to protect data in use. In this article, I explore interesting support technologies under active development in the confidential computing community. Kernel, hypervisor and firmware support Confidential Computing requires support from the host and guest kernel, the hypervisor, and firmware. At the time of writing, that support is uneven between platforms. Hardware vendors tend to develop and submit relatively large patch series, w

The notorious APT15 used common malware tools and a third-generation custom "Graphican" backdoor to continue its information gathering exploits, this time against foreign ministries.

The US Department of Justice adds litigators under its National Security Division to take on sophisticated cyber threats from adversarial nation-states.

Gen Digital, the parent company of the security companies, is the latest victim in a rash of Cl0p attacks on the bug in the MOVEit transfer software, leading to employee data being revealed.

It's time to update what we think we understand about ransomware, including new defensive measures and how fast the attack response should be.

An update is now available for Red Hat Virtualization 4 Tools for Red Hat Enterprise Linux 8, Red Hat Virtualization 4 for Red Hat Enterprise Linux 8, and Red Hat Virtualization Engine 4.4. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-20860: A flaw was found in Spring Framework. In this issue, a security bypass is possible due to the behavior of the wildcard pattern. * CVE-2023-20861: A flaw found was found in Spring Framework. This flaw allows a malicious user to u...