What's Your IT Question?

Want to know more about this topic or about us? Contact us!

All posts in Vulnerabilities

Three Quarters of Dependency Vulnerability Patches Lead to Breakages, Report Finds

Patches deployed for dependency vulnerabilities cause breakages 75% of the time, a new report has revealed. Minor updates were found to break clients 94% of the time, and for version upgrades this was 95%. Software dependencies — the external code or libraries that a project requires to function properly — . . . Read more

Volt Typhoon Hackers Exploit Zero-Day Vulnerability in Versa Director Servers Used by MSPs, ISPs

Volt Typhoon, a Chinese state-sponsored hacking group, has been caught exploiting a zero-day vulnerability in Versa Director servers, used by managed service providers and internet service providers. CVE-2024-39717 was added to CISA’s “Known Exploited Vulnerabilities Catalog” on Aug. 23 after Lumen Technologies discovered its active exploitation. Data from Censys shows . . . Read more

OpenAI’s GPT-4 Can Autonomously Exploit 87% of One-Day Vulnerabilities, Study Finds

The GPT-4 large language model from OpenAI can exploit real-world vulnerabilities without human intervention, a new study by University of Illinois Urbana-Champaign researchers has found. Other open-source models, including GPT-3.5 and vulnerability scanners, are not able to do this. A large language model agent — an advanced system based on . . . Read more

Google Cloud’s Nick Godfrey Talks Security, Budget and AI for CISOs

Image: Adobe/Sundry Photography As senior director and global head of the office of the chief information security officer (CISO) at Google Cloud, Nick Godfrey oversees educating employees on cybersecurity as well as handling threat detection and mitigation. We conducted an interview with Godfrey via video call about how CISOs and . . . Read more

Top 7 Cybersecurity Threats for 2024

The rise and rapid adoption of new innovative technologies, such as generative artificial intelligence, no-code apps, automation and the Internet of Things, have dramatically changed the global cybersecurity and compliance landscape for every industry. Cybercriminals are turning to new techniques, tools and software to launch attacks and create greater damage. . . . Read more

Google Offers Bug Bounties for Generative AI Security Vulnerabilities

Google’s Vulnerability Reward Program offers up to $31,337 for discovering potential hazards. Google joins OpenAI and Microsoft in rewarding AI bug hunts. Image: Markus Mainka/Adobe Stock Google expanded its Vulnerability Rewards Program to include bugs and vulnerabilities that could be found in generative AI. Specifically, Google is looking for bug . . . Read more

Microsoft, Apple versus China, spyware actors

Image: 2ragon/Adobe Stock Revelations this week from Microsoft and Apple speak to the COVID-like persistence of cyber threats and the ability of threat actors to adapt in the wild, steal credentials and sidestep patches. Microsoft explained this week how it had discovered and attempted to harden ramparts in the face . . . Read more

Engineering PCs, Other Devices Most at Risk for Security Vulnerabilities

New research on operational technology vulnerabilities by Armis found that 56% of engineering workstations have at least one unpatched critical severity. Image: Siphosethu Fanti/peopleimages.com/Adobe Stock As operational technology (OT) merges with IT, vulnerabilities in operational tech systems are a new threat, not least because these networks involve control frameworks for . . . Read more