Your blog category
A high-severity security flaw has been disclosed in Meta’s Llama large language model (LLM) framework that, if successfully exploited, could allow an attacker to execute arbitrary code on the llama-stack inference server. The vulnerability, tracked as CVE-2024-50050, has been assigned a CVSS score of 6.3 out of 10.0. Supply chain security firm Snyk, on the…
The number of CISOs who report directly to the CEO is up sharply in recent years, but many still say it’s not enough to secure adequate resources.
A departmentwide initiative has now led to five major law enforcement actions, in an attempt to curb the increasingly common trend of North Korean hackers posing as IT job applicants.
The MITRE framework’s applied exercise provides defenders with critical feedback about how to detect and defend against common, but sophisticated, attacks.
The bug has been given a 9.9 CVSS score, and could allow authenticated threat actors to escalate their privileges to admin-level if exploited.
Third-party API security requires a tailored approach for different scenarios. Learn how to adapt your security strategy to outbound data flows, inbound traffic, and SaaS-to-SaaS interconnections.
For the first time in a long while, the federal government and the software sector alike finally have the tools and resources needed to do security well — consistently and cost-effectively.
A group of academics has disclosed details of over 100 security vulnerabilities impacting LTE and 5G implementations that could be exploited by an attacker to disrupt access to service and even gain a foothold into the cellular core network. The 119 vulnerabilities, assigned 97 unique CVE identifiers, span seven LTE implementations – Open5GS, Magma, OpenAirInterface,…
The modern workplace has undergone a seismic transformation over recent years, with hybrid work becoming the norm and businesses rapidly adopting cloud-based Software-as-a-Service (SaaS) applications to facilitate it. SaaS applications like Microsoft 365 and Google Workspace have now become the backbone of business operations, enabling seamless collaboration and productivity. However, this
The U.S. Department of Justice (DoJ) on Thursday indicted two North Korean nationals, a Mexican national, and two of its own citizens for their alleged involvement in the ongoing fraudulent information technology (IT) worker scheme that seeks to generate revenue for the Democratic People’s Republic of Korea (DPRK) in violation of international sanctions. The action…