Tag Archives: infosec

Security researchers at Wiz discover another major Azure vulnerability

Image caption: This isn’t how the OMIGOD vulnerability works, of course—but lightning is much more photogenic than maliciously crafted XML.

Cloud security vendor Wiz—which recently made news by discovering a massive vulnerability in Microsoft Azure’s CosmosDB-managed database service—has found another hole in Azure.…

Infosec researchers say Apple’s bug-bounty program needs work

Image caption: If you don’t maintain good relationships with bug reporters, you may not get to control the disclosure timeline.

The Washington Post reported earlier today that Apple’s relationship with third-party security researchers could use some additional fine tuning. Specifically, Apple’s “bug bounty” program—a way companies…

“Worst cloud vulnerability you can imagine” discovered in Microsoft Azure

Image caption: Cosmos DB is a managed database service offering—including both relational and NoSQL data structures—belonging to Microsoft’s Azure cloud infrastructure.

Cloud security vendor Wiz announced yesterday that it found a vulnerability in Microsoft Azure’s managed database service, Cosmos DB, that granted…

Need to get root on a Windows box? Plug in a Razer gaming mouse

This weekend, security researcher jonhat disclosed a long-standing security bug in the Synapse software associated with Razer gaming mice. During software installation, the wizard produces a clickable link to the location where the software will be installed. Clicking that link opens a File…

Nude hunt: LA phisherman accessed 4,700 iCloud accounts, 620K photos

Image caption: The Internet is unfortunately packed full of criminals seeking to steal sexual (or sexualizable) images from privately held cloud backup accounts.

The LA Times reported this week that Los Angeles man Hao Kuo “David” Chi pled guilty to four federal…

President Biden to host infosec roundtable with tech giant CEOs

Image caption: If there’s any single photo that better encapsulates the state of enterprise information security in 2021, we weren’t able to find it.

Unnamed sources told Bloomberg that the White House will host a meeting between President Joe Biden and some of…

New “Glowworm attack” recovers audio from devices’ power LEDs

Video caption: This three-minute video outlines how Glowworm works and gives examples of optically recovered audio.

Researchers at Ben-Gurion University of the Negev have demonstrated a novel way to spy on electronic conversations. A new paper released today outlines a novel passive…

Severe vulnerabilities in Dell firmware update driver found and fixed

Image caption: At least three companies have reported the dbutil_2_3.sys security problems to Dell over the past two years.

Yesterday, infosec research firm SentinelLabs revealed 12-year-old flaws in Dell’s firmware updater, DBUtil 2.3. The vulnerable firmware updater has been installed by default on hundreds of millions of…