Lifeboat Foundation

A critical authentication bypass vulnerability has been disclosed in the Really Simple Security (formerly Really Simple SSL) plugin for WordPress that, if successfully exploited, could grant an attacker to remotely gain full administrative access to a susceptible site.

The vulnerability, tracked as CVE-2024–10924 (CVSS score: 9.8), impacts both free and premium versions of the plugin. The software is installed on over 4 million WordPress sites.

“The vulnerability is scriptable, meaning that it can be turned into a large-scale automated attack, targeting WordPress websites,” Wordfence security researcher István Márton said.

Six US banks are reporting potential security breaches of debit cards, with several forcing affected customers to get replacements.

In new filings with the Massachusetts state government, Mainstreet Bank, Savers Bank, The Village Bank, Watertown Savings Bank, Webster Five Cents Savings Bank and Eagle Bank say some debit cards may have been compromised following a security breach of a merchant’s payment card platform.

A copy of a notice sent to Eagle Bank customers was recently posted on the government site, stating an unnamed Mastercard merchant allowed unauthorized access to account information.

The Department of Defense (DoD), alongside the Office of the Director of National Intelligence (ODNI), delivered its 2024 Annual Report on Unidentified Anomalous Phenomena (UAP) to Congress this week, fulfilling requirements outlined in the National Defense Authorization Act (NDAA) for Fiscal Year 2022, with amendments from the FY 2023 NDAA. The report, produced by the DoD’s All-Domain Anomaly Resolution Office (AARO), presents a comprehensive update on UAP sightings and analyses, covering incidents reported from May 2023 through June 2024.

According to the report, AARO received a total of 757 UAP reports during this period. Out of these, 485 incidents occurred within the last year, while the remaining 272 involved sightings from 2021 and 2022 that had not been previously cataloged. These new additions bring the total number of UAP cases reviewed by AARO to over 1,600 as of June 1, 2024.

The DoD emphasizes that UAP reports are critical to national security. Every incursion into designated air, sea, or space zones is taken seriously, with each sighting undergoing a systematic, data-driven analysis. AARO’s mandate includes examining these sightings for potential threats to service members, U.S. facilities, and sensitive operations.

In our increasingly interconnected digital world, the foundations of secure communication and data privacy are built upon cryptographic algorithms that have stood the test of time.

Discover how quantum computing threatens current API security and learn strategies to prepare your APIs for Q-Day by adopting post-quantum cryptography solutions.

Companies that own or operate critical infrastructure increasingly rely on artificial intelligence. Airports use A.I. in their security systems; water companies use it to predict pipe failures; and energy companies use it to project demand. On Thursday, the U.S. Department of Homeland Security will release new guidance for how such companies use the technology.

The document, a compilation of voluntary best practices, stems from an executive order that President Biden signed more than a year ago to create safeguards around A.I. Among other measures, it directed the Department of Homeland Security to create a board of experts from the private and public sectors to examine how best to protect critical infrastructure. The risks run the gamut from an airline meltdown to the exposure of confidential personal information.

Alejandro N. Mayorkas, the homeland security secretary, first convened the board in May. It includes Sam Altman, the chief executive of OpenAI; Jensen Huang, the chief executive of Nvidia; Sundar Pichai, the chief executive of Alphabet; and Vicki Hollub, the chief executive of Occidental Petroleum.

Google has quietly updated the description of one of Chrome’s security features, “Enhanced protection,” to confirm that it will be powered by AI in a future release.

It’s unclear what has changed, but as spotted by Leo on X, Google is updating its Enhanced protection mode in Chrome’s Safe Browsing feature to include AI-powered protection.

This feature now uses AI to provide real-time protection against dangerous sites, downloads, and extensions.

Discover how a new attack technique bypasses Microsoft’s security, enabling OS downgrade attacks on Windows.

WASHINGTON — The Defense Department should step up support of commercial space companies to take advantage of capabilities that might otherwise be lost, a new report concludes.

That recommendation is among several in a study called Space Agenda 2025 released Oct. 24 by The Aerospace Corporation and its Center for Space Policy and Strategy (CSPS). The report is intended to provide advice to the next administration on key topics in civil, commercial and national security space.

In a briefing held in advance of the report’s release, Sam Wilson, systems director at CSPS, said the Defense Department is benefitting from growing commercial capabilities in areas like commercial remote sensing, much of which was fueled by a boom in private investment in space companies several years ago. Private investment has dropped significantly since a peak in 2021, though, and investors say access to capital remains difficult for space companies today, especially those trying to raise larger, later rounds.

Australia has served up a Secure Innovation Placemat [PDF].

The wide variance in the documents is by design: each Five Eyes nation chose its own approach, although the campaign is a coordinated effort that is billed as “consistent and consolidated advice reflecting both the globalized and interconnected tech startup ecosystem as well as the global nature of the security threats startups face.” And everybody uses placemats.

Whether this advice will break through the “move fast and break things” culture that many startups nurture is anyone’s guess. The Register has reported on security and resilience troubles in the early years at Uber and Lyft, GitLab, and at OpenAI.