In the News
Featured
06/13/2024
Microsoft’s Brad Smith acknowledges past security failures, outlines new initiatives
Not everyone was as harsh on Microsoft’s previous mistakes. Jeff Williams, co-founder and chief technology officer at application security software platform provider Contrast Security Inc., noted that “while it’s pretty obvious in hindsight that they made a mistake, I think commentators are judging them without seeing the whole picture.”
“The unfortunate reality is that software is far more complex than most people understand,” he said. “A single application is built from dozens of source code repos, hundreds of open-source libraries, multiple application frameworks, server software and often multiple language platforms. And Microsoft has tens of thousands of applications, each of which has vulnerabilities reported all the time by tools, penetration testers, customers and more.”
12/01/2022
Researchers Disclose Critical RCE Vulnerability Affecting Quarkus Java Framework
A critical security vulnerability has been disclosed in the Quarkus Java framework that could be potentially exploited to achieve remote code execution on affected systems.
12/01/2022
One Year After Log4Shell, Most Firms Are Still Exposed to Attack
Though there have been fewer than expected publicly reported attacks involving the vulnerability.
11/30/2022
Developers Warned of Critical Remote Code Execution Flaw in Quarkus Java Framework
Available since 2019, Quarkus is an open source Kubernetes-native Java framework designed for GraalVM and HotSpot virtual machines.
11/30/2022
Critical Quarkus Flaw Threatens Cloud Developers With Easy RCE
Red Hat has issued patches for a bug in an open source Java virtual machine software that opens the door to drive-by localhost attacks.
11/30/2022
New Financial Assistance Program For Open Source Developers Makes Its Way
The new program to provide financial assistance to open source developers has been announced by Contrast Security. Through the programme, more than $15,000 will be distributed to support activities.
11/30/2022
Zero-Day Flaw Discovered in Quarkus Java Framework
A high-severity zero-day vulnerability has been discovered in the Red Hat build of Quarkus.
11/29/2022
Contrast Security announces new program to financially support open source developers
Contrast Security has announced a new sponsorship program to support open source developers.
11/29/2022
Localhost attack against Quarkus developers
While preparing a talk for the recent DeepSec Conference about attacking the developer environment through drive-by localhost, I reviewed some popular Java frameworks to see if they were vulnerable.
11/29/2022
OpZero’s modus operandi: opportunity hunter, front for Kremlin, or both?
OpZero, a Russian company, is a fairly new player in the market of zero-day exploits.
11/28/2022
Could “The New Twitter” Run Into Issues With GDPR One Stop Shop Rule? Irish DPC Source Indicates Staffing Situation May Be a Problem
Elon Musk’s takeover of Twitter has come with sweeping changes to the company’s structure.
11/23/2022
Hidden Russian Software in Thousands of Apps Sparks Fears of Online Activity Tracking, Prompts Ban by US Army
A piece of Russian software buried in thousands of apps has raised concerns in some government agencies.
11/16/2022
Iranian hackers breach Federal Civilian Executive Branch using Log4Shell vulnerability
The U.S. Cybersecurity and Infrastructure Agency today disclosed that an Iranian government-sponsored advanced persistent threat group hacked the Federal Civilian Executive Branch.