Three recently unearthed vulnerabilities in the Linux kernel, located in the iSCSI module used for accessing shared data storage facilities, could allow root privileges to anyone with a user account.
Omer Tene, vice president and chief knowledge officer at the International Association of Privacy Professionals, sheds some light on the state of play for privacy legislation under the Biden administration.
SC Media spoke to Tye Eyden, collaboration business systems analyst at New Belgium Brewing about ongoing efforts to stay ahead of privacy regulations. He credits workflow automation for bringing the company into compliance with the California Privacy Rights Act in just five months.
As Black History Month drew to a close and Women’s Month began, BlackGirlsHack founder Tennisha Martin discussed with SC Media the barriers to diversity in the cybersecurity workforce and how a recent partnership with RangeForce will help the non-profit contribute to change.
Broken access control and broken object level authorizations vulnerabilities have proven the most difficult to fix, while fixes for command injection and SQL injection flaws are most often incorrect.
Huntress uncovered software flaws and misconfigurations – from information disclosure or PII leakage to direct access to databases and potential remote code execution – in two of the top five virtual event platforms.
How much of Biden’s promised funding for cyber will support small and medium businesses? Tugboat Logic CEO Ray Kruck offers tips for managing the risk in the meantime.
Some question Microsoft’s decision to close the book on the investigation, and say zero trust might not have made a significant difference.
Padraic O’Reilly, co-founder of cyber risk firm CyberSaint, shared insights with SC Media, about the struggles faced by water plants, energy companies and other utilities to assess cyber risk and prevent cyberattacks.
Pseudonymous authors published more than 150 copycat packages just three days after research revealed a software supply chain flaw, attempting to exploit the vulnerabilities in the brief window before a patch.
