Archive for the ‘security’ category: Page 21

Mar 13, 2022

How GitHub Uses Machine Learning to Extend Vulnerability Code Scanning

Posted by in categories: robotics/AI, security

Applying machine learning techniques to its rule-based security code scanning capabilities, GitHub hopes to be able to extend them to less common vulnerability patterns by automatically inferring new rules from the existing ones.

GitHub Code Scanning uses carefully defined CodeQL analysis rules to identify potential security vulnerabilities lurking in source code.

Mar 11, 2022

1 out of 3 WordPress plugins does not receive security updates; millions of websites at risk

Posted by in category: security

A report specialized in WordPress security points to a 150% increase in reported flaws during 2021 compared to the previous year, in addition to establishing that almost 30% of the vulnerabilities detected in plugins for WordPress do not receive updates.

Since this is the most widely used content management system (CMS) in the world, this should be a worrisome issue for tens of millions of website administrators.

Continue reading “1 out of 3 WordPress plugins does not receive security updates; millions of websites at risk” »

Mar 11, 2022

Critical Security Patches Issued

Posted by in category: security

Microsoft’s Patch Tuesday update for the month of March has been made officially available with 71 fixes spanning across its software products such as Windows, Office, Exchange, and Defender, among others.

Of the total 71 patches, three are rated Critical and 68 are rated Important in severity. While none of the vulnerabilities are listed as actively exploited, three of them are publicly known at the time of release.

It’s worth pointing out that Microsoft separately addressed 21 flaws in the Chromium-based Microsoft Edge browser earlier this month.

Mar 11, 2022

Dell opts out of Microsoft’s Pluton security for Windows

Posted by in category: security

This doesn’t align with our approach, PC giant tells us.

Mar 8, 2022

Microsoft Azure ‘AutoWarp’ Bug Could Have Let Attackers Access Customers’ Accounts

Posted by in categories: finance, robotics/AI, security, transportation

Details have been disclosed about a now-addressed critical vulnerability in Microsoft’s Azure Automation service that could have permitted unauthorized access to other Azure customer accounts and take over control.

“This attack could mean full control over resources and data belonging to the targeted account, depending on the permissions assigned by the customer,” Orca Security researcher Yanir Tsarimi said in a report published Monday.

The flaw potentially put several entities at risk, including an unnamed telecommunications company, two car manufacturers, a banking conglomerate, and big four accounting firms, among others, the Israeli cloud infrastructure security company added.

Mar 6, 2022

Merritt considering 3D printer to help build homes for evacuees

Posted by in categories: 3D printing, habitats, security

Following November’s catastrophic flooding events, roughly 600 Merritt residents still haven’t returned to their homes, but a 3D printer may speed up the process. Greg Solecki, the Merritt’s recovery manag.

“Our biggest priority is getting people back to Merritt and into homes and this 3D-printed option is looking like the most viable one right now,” Solecki said.

READ MORE: 3D printing’s new challenge: Solving the US housing shortage

Continue reading “Merritt considering 3D printer to help build homes for evacuees” »

Mar 4, 2022

Report: Nearly 75% of Infusion Pumps Affected by Severe Vulnerabilities

Posted by in category: security

Nearly 75% of network-connected infusion pumps contain security vulnerabilities.

Mar 3, 2022

Researchers show they can steal data during homomorphic encryption

Posted by in categories: computing, encryption, mathematics, security

Homomorphic encryption is considered a next generation data security technology, but researchers have identified a vulnerability that allows them to steal data even as it is being encrypted.

“We weren’t able to crack using mathematical tools,” says Aydin Aysu, senior author of a paper on the work and an assistant professor of computer engineering at North Carolina State University. “Instead, we used . Basically, by monitoring in a device that is encoding data for homomorphic encryption, we are able to read the data as it is being encrypted. This demonstrates that even next generation encryption technologies need protection against side-channel attacks.”

Homomorphic encryption is a way of encrypting data so that third parties cannot read it. However, homomorphic encryption still allows third parties and third-party technologies to conduct operations using the data. For example, a user could use homomorphic encryption to upload sensitive data to a cloud computing system in order to perform analyses of the data. Programs in the cloud could perform the analyses and send the resulting information back to the user, but those programs would never actually be able to read the .

Mar 3, 2022

India Will Spend $1.6 Billion to Add Lines for Transmitting Green Power

Posted by in categories: government, security, sustainability

India will invest 120 billion rupees ($1.6 billion) to add new lines to transmit electricity from renewable plants as it seeks to draw half of its energy requirement from greener sources by 2030.

Dedicated transmission lines of 10,750 circuit kilometers will be built across seven provinces under the second phase of the so-called green energy corridor project, Information and Broadcasting Minister Anurag Thakur said in New Delhi. The project, approved by Prime Minister Narendra Modi’s cabinet on Thursday, will be completed by 2026 and transmit 20 gigawatts of renewable energy capacity, he said.

India is targeting to build 500 gigawatts of installed power capacity from non-fossil sources by 2030, which would require a transmission network to enable clean electricity to flow from plants to consumers. The new lines will also help integrate renewable energy into the national grid and contribute to long-term energy security, according to the government.

Continue reading “India Will Spend $1.6 Billion to Add Lines for Transmitting Green Power” »

Mar 2, 2022

Critical Bugs Reported in Popular Open Source PJSIP SIP and Media Stack

Posted by in category: security

As many as five security vulnerabilities have been disclosed in the PJSIP open-source multimedia communication library that could be abused by an attacker to trigger arbitrary code execution and denial-of-service (DoS) in applications that use the protocol stack.

Page 21 of 109First1819202122232425Last