Notícias

ArmorCode announced the growth of its ASPM Platform with the ability to unify AppSec and infrastructure vulnerability management. The continued innovation of Risk-Based Vulnerability Management (RBVM) in ArmorCode empowers security teams to address vulnerabilities across infrastructure, cloud, and applications with enhanced prioritization, automation, asset and remediation workflows, offering organizations a comprehensive approach to manage risk. ArmorCode delivers an independent governance layer that integrates findings from multiple scanning tools, including infrastructure and application security scanners into … More → The post ArmorCode unifies application security with infrastructure vulnerability management appeared first on Help Net Security.

Tanium announced Tanium Cloud Workloads, providing real-time visibility and protection for containerized environments. Through image vulnerability scanning, container run-time inventory, rogue container identification, and Kubernetes policy enforcement, teams across security, IT operations, and DevOps can reduce their attack surface and improve the security posture of containerized workloads whether on premises or in the cloud. As the adoption of containerized workloads increases across organizations, so does the attack surface available to bad actors exploiting their vulnerabilities. … More → The post Tanium Cloud Workloads provides visibility and protection for containerized environments appeared first on Help Net Security.

Apple released security updates for iOS, iPadOS, macOS, visionOS, and Safari browser to address two actively exploited zero-day flaws. Apple released security updates for two zero-day vulnerabilities, tracked as CVE-2024-44309 and CVE-2024-44308, in iOS, iPadOS, macOS, visionOS, and Safari web browser, which are actively exploited in the wild. The vulnerability CVE-2024-44309 is a cookie management issue […]

Apple has urged customers to download the security updates, which address vulnerabilities relating to the JavaScriptCore and WebKit frameworks

Apple has released emergency security updates for macOS Sequoia that fix two zero-day vulnerabilities (CVE-2024-44309, CVE-2024-44308) that “may have been actively exploited on Intel-based Mac systems”. About CVE-2024-44309 and CVE-2024-44308 CVE-2024-44309 affects WebKit, the browser engine used in the Safari web browser and all iOS and iPadOS web browsers, and can be triggered when it's made to process maliciously crafted web content. It can enable a cross site scripting (XSS) attack. CVE-2024-44308 affects JavaScriptCore - … More → The post Apple fixes 2 zero-days exploited to breach macOS systems (CVE-2024-44309, CVE-2024-44308) appeared first on Help Net Security.

Aqua Nautilus' research reveals hackers are leveraging vulnerable and misconfigured Jupyter Notebook servers to steal live sports streams.…

Misconfigured instances of JupyterLab and Jupyter Notebook have been targeted by threat actors for sports stream ripping. The post Vulnerable Jupyter Servers Targeted for Sports Piracy appeared first on SecurityWeek.

Today, Apple released updates patching two vulnerabilities that have already been exploited. Interestingly, according to Apple, the vulnerabilities have only been exploited against Intel-based systems, but they appear to affect ARM (M"x") systems as well.

Apple released emergency security updates to fix two zero-day vulnerabilities that were exploited in attacks on Intel-based Mac systems. [...]

The watchdog for the EPA found that, of 1,062 U.S. drinking water systems it assessed, 97 had "critical" or "high-risk" security flaws and another 211 had less dangerous vulnerabilities, risking threats from stolen data to disrupted service. The post EPA IG Office: 'High-Risk' Security Flaws in Hundreds of Water Systems appeared first on Security Boulevard.