ENISA: Software vulnerability prevention initiatives
The European Network and Information Security Agency, ENISA, has compiled a list of existing initiatives focused on finding and preventing software vulnerabilities.
A proof-of-concept (PoC) exploit has been released for a now-patched security flaw impacting Windows Lightweight Directory Access Protocol (LDAP) that could trigger a denial-of-service (DoS) condition. The out-of-bounds reads vulnerability is tracked as CVE-2024-49113 (CVSS score: 7.5). It was addressed by Microsoft as part of Patch Tuesday updates for December 2024, alongside CVE-2024-49112 (
Cybersecurity researchers have found that bad actors are continuing to have success by spoofing sender email addresses as part of various malspam campaigns. Faking the sender address of an email is widely seen as an attempt to make the digital missive more legitimate and get past security mechanisms that could otherwise flag it as malicious….
A research project into vulnerabilities affecting Microsoft’s PlayReady DRM raises some questions on responsible disclosure. The post Microsoft DRM Hacking Raises Questions on Vulnerability Disclosures appeared first on SecurityWeek.
Cybersecurity researchers have uncovered three security weaknesses in Microsoft’s Azure Data Factory Apache Airflow integration that, if successfully exploited, could have allowed an attacker to gain the ability to conduct various covert actions, including data exfiltration and malware deployment. “Exploiting these flaws could allow attackers to gain persistent access as shadow administrators
Results from the latest ATT&CK Evaluations for endpoint detection and response solutions.
With a security-first culture fully in play, developers will view the protected deployment of AI as a marketable skill, and respond accordingly. The post How to Eliminate “Shadow AI” in Software Development appeared first on SecurityWeek.