U.S. president-elect Donald Trump's border czar says there is an "extreme national security vulnerability" along the Canada-U.S. border that he plans to deal with the moment the new Republican administration takes power.

The index was designed to quantify the specific vulnerabilities faced by countries, especially small island developing states

The National Research Center for Applied Cybersecurity ATHENE has uncovered a critical flaw in the design of DNSSEC, the Security Extensions of DNS (Domain Name System). DNS is one of the fundamental building blocks of the Internet.

EDIT 2024-04-25: Clarified when a PHP application is vulnerable to this bug.Recently, a bug in glibc version 2.39 and older (CVE-2024-2961) was uncovered where a buffer overflow in character set conversions to the ISO-2022-CN-EXT character set can result in remote code execution. This specific buffer overflow in glibc is exploitable through PHP, which exposes the iconv functionality of glibc to do character set conversions via the iconv extension. Although the bug is exploitable in the context of the PHP Engine, the bug is not in PHP. It is also not directly exploitable remotely. The bug is exploitable, if and only if, the PHP application calls iconv functions or filters with user-supplied character sets. Applications are not vulnerable if: Glibc security updates from the distribution have been installed.Or the iconv extension is not loaded.Or the vulnerable character set has been removed from gconv-modules-extra.conf.Or the application passes only specifically allowed character sets to iconv. Moreover, when using a user-supplied character set, it is good practice for applications to accept only specific charsets that have been explicitly allowed by the application. One example of how this can be done is by using an allow-list and the array_search() function to check the encoding before passing it to iconv. For example: array_search($charset, $allowed_list, true) There are numerous reports online with titles like "Mitigating the iconv Vulnerability for PHP (CVE-2024-2961)" or "PHP Under Attack". These titles are misleading as this is not a bug in PHP itself. If your PHP application is vulnerable, we first recommend to check if your Linux distribution has already published patched variants of glibc. Debian, CentOS, and others, have already done so, and please upgrade as soon as possible. Once an update is available in glibc, updating that package on your Linux machine will be enough to alleviate the issue. You do not need to update PHP, as glibc is a dynamically linked library. If your Linux distribution has not published a patched version of glibc, there is no fix for this issue. However, there exists a workaround described in GLIBC Vulnerability on Servers Serving PHP which explains a way on how to remove the problematic character set from glibc. Perform this procedure for every gconv-modules-extra.conf file that is available on your system.PHP users on Windows are not affected.Therefore, a new version of PHP will not be released for this vulnerability.

Jesus said "the kingdom of God is taken by force" and sometime it feels like a battle to allow ourselves to love one another as God intended.

Steve Christoforou and Christian Gonzalez open up for a vulnerable conversation where they share what they're struggling with, how they're doing, and how they're still finding God at work in the midst of a global pandemic.

Europe’s regions are facing rising sea levels and more extreme weather, such as more frequent and more intense heatwaves, flooding, droughts and storms due to climate change, according to the latest European Environment Agency report published on 25 Jan 2017. The report assesses the latest trends and projections on climate change and its impacts across Europe and finds that better and more flexible adaptation strategies, policies and measures will be crucial to lessen these impacts.

Find a summary of the report's Key Findings, or download the full report.

: Just when IT and OT professionals were feeling a little more comfortable in preventing and tackling ransomware/malware attacks, now they have something new to worry about—and potentially just as insidious—the Log4j vulnerability.

Children's Geographies; 08/01/2022
(AN 158427717); ISSN: 14733285
Academic Search Premier

ESET researchers discovered a zero-day Telegram for Android exploit that allows sending malicious files disguised as videos

Attendees are invited to see demonstrations on classifying and protecting sensitive data through multi-factor encryption and to stay for cocktails at Mandalay Bay

Mean time to remediate most common critical vulnerabilities remains over 2 months

Draft of ETSI Coordinated vulnerability disclosure guide available for public comments

Sophia Antipolis, 24 August 2021

ETSI will soon release a Guide to Coordinated Vulnerability Disclosure. Before publication, it made the draft publicly available for comments. Please send your feedback by 15 September to the technical committee CYBER at cybersupport@etsi.org 

Read More...

ETSI releases Report on Coordinated Vulnerability Disclosure - Helping organizations fix security vulnerabilities

Sophia Antipolis, 17 February 2022

ETSI has released on 27 January a Guide to Coordinated Vulnerability Disclosure. The Technical Report ETSI TR 103 838 will help companies and organizations of all sizes to implement a vulnerability disclosure process and fix vulnerability issues before they’re publicly disclosed.

Read More...

Vulnerability management remains a cornerstone of preventive cybersecurity, but organizations still struggle with vulnerability overload and sophisticated threats. Tenable’s new Exposure Signals gives security teams comprehensive context, so they can shift from vulnerability management to exposure management and effectively prioritize high-risk exposures across their complex attack surface.

A critical vulnerability has been disclosed and attackers worldwide are actively exploiting it in the wild. Your vulnerability management team jumps into action and determines that the vulnerability is present in hundreds of your organization’s assets. Which ones do you patch first? How do you prioritize your remediation efforts? What criteria do you use? The clock is ticking. Hackers are on the prowl.

Historically, your vulnerability management team would rely on severity scores like Vulnerability Priority Rating (VPR). This is a great start, but only gives you one indicator of risk. To prioritize remediation precisely and effectively, you need to consider a variety of other criteria, such as a vulnerable asset’s type, owner, and function; the access-level and privileges on the asset; and critical attack paths into your environment.

This type of comprehensive, holistic context will let you prioritize correctly, but it can only be achieved with a different approach that goes beyond traditional vulnerability management. That approach is exposure management. 

With exposure management, your vulnerability management team would be able to pinpoint the subset of assets affected by our hypothetical vulnerability that, for example, are externally accessible, possess domain-level privileges and are part of a critical attack path. That way they would know where the greatest risk is and what they need to remediate first. Having this deep insight, context and visibility transforms the risk assessment equation, and allows your vulnerability management team to move decisively, quickly and strategically.

In this blog, we’ll outline why it’s imperative for your vulnerability management teams to shift to an exposure management mindset, and we’ll explain how Tenable can help them do it.

To pinpoint riskiest vulns, vulnerability management needs broader exposure context 

In today's evolving cybersecurity landscape, vulnerability management remains one of the foundational pieces of an organization's proactive defense strategy. However, these teams still have difficulty in addressing the increased level of risks posed by the continuous surge of Common Vulnerabilities and Exposures (CVEs) and other flaws.

Many security teams are frequently overwhelmed by the sheer volume of vulnerabilities with limited resources to manage them effectively. The sophistication and speed of threat actors has escalated, with attackers having more entry points and using new tactics, techniques and procedures to access other critical areas of the business - demonstrating that attacks are no longer linear but multifaceted.

It’s common for security teams to struggle with:

• Vulnerability overload - This long-standing problem keeps getting worse. Security teams are finding it more difficult than ever to sift through the avalanche of CVEs and identify the areas of the business that have the most risk.
   
•  Lack of exposure context for prioritization - Your teams are making decisions while missing layers of context. Threat intelligence and vulnerability severity are a great start, but limiting yourself to them doesn’t give you the full context you need to prioritize properly. 
   
• Slow remediation response - Both proactive and reactive security teams devote massive amounts of time to responding to critical vulnerabilities. Resources are spread thin, making it more important than ever for teams to confidently identify the most high risk exposures when recommending remediation efforts.

Need to shift from a vulnerability to an exposure mindset

Knowing the struggles that you are dealing with today can help illuminate the benefits of exposure management. The missing links between a vulnerability and an exposure are the additional layers of context. Having multidimensional context enables you to understand not just the vulnerabilities themselves but their potential impact within the broader attack surface. This approach provides a more comprehensive view of an organization's security posture by considering factors such as threat intelligence, asset criticality, identities and access, as well as other pieces of context. With this additional information, you spend significantly less time sorting through stacks of similar vulnerabilities and you can be more focused on identifying key issues that pose risk - exposures.

For those who have never heard of exposure management or are just getting started, there are many benefits to this discipline. When it comes to Tenable’s approach, we adopt that same mentality with our exposure management platform. The goal is simple: exposure management empowers organizations to prioritize remediation efforts more effectively. It surfaces information that helps develop strategies to address not only the vulnerabilities themselves but the emergence of exposures that could lead to significant breaches.

The jump from vulnerability to exposure

Bridging the gap from vulnerability management to exposure management requires connecting context across the entire attack surface. Vulnerability management provides context that predicts the likelihood of an attack and displays key drivers, age of vulnerability and threat sources. These attributes are helpful, but we can go much further to improve our prioritization effectiveness. This requires having broader visibility and deeper insights across the attack surface to understand the bigger picture of exposures.

Specifically, security teams need additional context around:

• Asset context - There are many levels to an asset that can help drive prioritization decisions. It’s key to understand the criticality of an asset related to its type, function, owner name and its relationships to other assets. Even knowing if the asset is accessible from the internet or not will shape how its remediation is prioritized.
   
• Identities - Identities serve as the cornerstone for successful attacks, so it’s key to contextualize them for exposure management. Understanding user-privilege levels, entitlements and user information can help prevent attackers from gaining privilege escalation and moving laterally. Focusing prioritization efforts on vulnerable assets with domain and admin-level privileges is a critical best practice in order to reduce the likelihood of a breach.
   
• Threat context - Having various levels of threat context is also important to prioritize exposures. We know that threats change over time, so leveraging dynamic scoring like VPR or Asset Exposure Score (AES) can show indicators of risk. We can also bring in context from attack path modeling to influence remediation decisions based on the attacker’s perspective by understanding the number of critical attack paths or choke points in your environment.

When security analysts have this additional information, they can now truly understand the breadth and depth of the exposure. This is how prioritization is done in this new world of exposure management.

Introducing Exposure Signals

To help make it easier for you to shift to this exposure management mindset, we have developed a new prioritization capability called Exposure Signals. Available in Tenable One, Tenable’s exposure management platform, Exposure Signals allows security teams to have more comprehensive context in a centralized place for a focused view of risk. 

There are two ways to use these new Exposure Signals. The first is to access a comprehensive library of high-risk, prebuilt signals. Easy to refer to, they signal potential risk in your environment and create a great starting point for you to get your exposure management juices flowing. For example, you can easily see and refer to: 

• Domain admin group on internet-exposed hosts with critical vulnerabilities
• Devices exposed to the internet via RDP with an associated identity account with a compromised password
• Cloud assets with critical severity findings and asset exposure score above 700

Exposure Signals allow you to track the number of violations that signal high-risk scenarios in your environment. View this list on a regular basis to see how it changes over time with its unique trendline. Take exploration into your own hands by viewing the impacted asset and its contextual intelligence in our Inventory Module. 

The second way to use Exposure Signals is by creating your own signals using a query builder or natural language processing (NLP) search powered by ExposureAI. That way, you can go as broad or as precise as needed. For example, let’s say there is a new zero day vulnerability that sweeps the industry, similar to Log4Shell. You can easily create a signal to target which assets have the vulnerability, are internet facing and have domain admin-level privileges. We are stringing these components together so that you can understand your true risk and better direct your prioritization efforts.

To learn more about Tenable One and Exposure Signals, check out our interactive demo:

Ethiopia’s agricultural sector, which is dominated by smallscale, mixed crop, and livestock farming, is the mainstay of the country’s economy. It constitutes more than half the nation’s gross domestic product (GDP), generates more than 85 percent of the foreign exchange earnings, and employs about 80 percent of the population. Ethiopia’s dependence on agriculture makes the country particularly vulnerable to the adverse impacts of climate change on crop and livestock production.

Tenable®, the exposure management company, today announced that it has been ranked first for 2023 worldwide market share for device vulnerability management in the IDC Worldwide Device Vulnerability Management Market Shares (doc #US51417424, July 2024) report. This is the sixth consecutive year Tenable has been ranked first for market share.

According to the IDC market share report, Tenable is ranked first in global 2023 market share and revenue. Tenable credits its success to its strategic approach to risk management, which includes a suite of industry-leading exposure management solutions that expose and close security gaps, safeguarding business value, reputation and trust. The Tenable One Exposure Management Platform, the world’s only AI-powered exposure management platform, radically unifies security visibility, insight and action across the modern attack surface – IT, cloud, OT and IoT, web apps and identity systems.

According to the IDC market share report, “The top 3 device vulnerability management vendors remained the same in 2023 as previous years, with Tenable once again being the top vendor.”

The report highlighted Tenable’s use of generative AI, noting, “ExposureAI, available as part of the Tenable One platform, provides GenAI-based capabilities that include natural language search queries, attack path and asset exposure summaries, mitigation guidance suggestions, and a bot assistant to ask specific questions about attack path results.”

Tenable’s latest innovations in the vulnerability management market – Vulnerability Intelligence and Exposure Response – were also highlighted in the report, stating, “Vulnerability Intelligence provides dynamic vulnerability information collected from multiple data sources and vetted by Tenable researchers, while Exposure Response enables security teams to create campaigns based on risk posture trends so remediation progress can be monitored internally.”

The report also spotlighted the Tenable Assure Partner Program and MDR partnerships, noting, “Tenable has made more of a strategic effort to recruit managed security service providers (SPs) and improve the onboarding experience for them, as well as their customers. Managed detection and response (MDR) providers have been adding proactive exposure management because it helps shrink the customer attack surface, helping them provide better outcomes. Sophos and Coalfire are recently announced partners adding managed exposure management services to their MDR and pen testing services, respectively.”

“At Tenable, we build products for a cloud-first, platform centric world, meeting customers' evolving risk management needs,” said Shai Morag, chief product officer, Tenable. “We leverage cutting edge technology, innovating across our portfolio to help customers know, expose and close priority security gaps that put businesses at risk.” 

"The device vulnerability management market is characterized by a focus on broader exposure management, with a number of acquisitions to round out exposure management portfolios," said Michelle Abraham, senior research director, Security and Trust at IDC. "Vendors are advised to enhance their offerings with additional security signals and automated remediation workflows to stay competitive in this evolving landscape."

To read an excerpt of the IDC market share report, visit https://www.tenable.com/analyst-research/idc-worldwide-device-vulnerability-management-market-share-report-2023 

About Tenable

Tenable® is the exposure management company, exposing and closing the cybersecurity gaps that erode business value, reputation and trust. The company’s AI-powered exposure management platform radically unifies security visibility, insight and action across the attack surface, equipping modern organizations to protect against attacks from IT infrastructure to cloud environments to critical infrastructure and everywhere in between. By protecting enterprises from security exposure, Tenable reduces business risk for more than 44,000 customers around the globe. Learn more at tenable.com. 

###

Media Contact:

Tenable

tenablepr@tenable.com

Updates to the Network Forensic and Vulnerability Organizations web page
Source: Rapporteur Q4/17
Study Questions: Q4/17

Updates to the Network Forensic and Vulnerability Organizations web page
Source: Rapporteur Q4/17 (Cybersecurity)
Study Questions: Q4/17

How companies can help users feel safe by better securing voice assistant data.

Location: Electronic Resource- 

Google said it discovered a zero-day vulnerability in the SQLite open-source database engine using its large language model (LLM) assisted framework called Big Sleep (formerly Project Naptime). The tech giant described the development as the "first real-world vulnerability" uncovered using the artificial intelligence (AI) agent. "We believe this is the first public example of an AI agent finding

Google has warned that a security flaw impacting its Android operating system has come under active exploitation in the wild. The vulnerability, tracked as CVE-2024-43093, has been described as a privilege escalation flaw in the Android Framework component that could result in unauthorized access to "Android/data," "Android/obb," and "Android/sandbox" directories, and their respective

Cisco has released security updates to address a maximum severity security flaw impacting Ultra-Reliable Wireless Backhaul (URWB) Access Points that could permit unauthenticated, remote attackers to run commands with elevated privileges. Tracked as CVE-2024-20418 (CVS score: 10.0), the vulnerability has been described as stemming from a lack of input validation to the web-based management

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a now-patched critical security flaw impacting Palo Alto Networks Expedition to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2024-5910 (CVSS score: 9.3), concerns a case of missing authentication in the Expedition migration tool that

7 August 2020

Hyperbilirubinemia (HB) is a key risk factor for hearing loss in neonates, particularly premature infants. Here, we report that bilirubin (BIL)-dependent cell death in the auditory brainstem of neonatal mice of both sexes is significantly attenuated by ZD7288, a blocker for hyperpolarization-activated cyclic nucleotide-gated (HCN) channel-mediated current (I_h), or by genetic deletion of HCN1. GABAergic inhibitory interneurons predominantly express HCN1, on which BIL selectively acts to increase their intrinsic excitability and mortality by enhancing HCN1 activity and Ca²⁺-dependent membrane targeting. Chronic BIL elevation in neonatal mice in vivo increases the fraction of spontaneously active interneurons and their firing frequency, I_h, and death, compromising audition at the young adult stage in HCN1^+/+, but not in HCN1^–/– genotype. We conclude that HB preferentially targets HCN1 to injure inhibitory interneurons, fueling a feedforward loop in which lessening inhibition cascades hyperexcitability, Ca²⁺ overload, neuronal death, and auditory impairments. These findings rationalize HCN1 as a potential target for managing HB encephalopathy.

In a recent study, researchers from Helmholtz Munich and Augsburg University Hospital demonstrated that nocturnal heat significantly raises the risk of stroke.

Understanding water system risks in fragile and conflict-affected communities is crucial for developing anticipatory action and peace.

The post Waters of vulnerability and transformative solutions first appeared on International Water Management Institute (IWMI).

medlinkMigration/medlink can be an important risk factor in developing psychosis. The incidences of medlinkpsychotic disorder/medlink are greater

Actor Saqib Saleem has opened up about playing the antagonist in the Varun Dhawan-starrer series "Citadel: Honey Bunny."

Manchester : Manchester University Press, [2018]

National Bureau of Economic Research

National Bureau of Economic Research

This Metasploit module exploits a format string vulnerability in the LPRng print server. This vulnerability was discovered by Chris Evans. There was a publicly circulating worm targeting this vulnerability, which prompted RedHat to pull their 7.0 release. They consequently re-released it as "7.0-respin".

A vulnerability is present in AT&T TCP/IP Release 4.0 running on SVR4 systems for both the 386/486 and 3B2 RISC platforms. The problem is in the remote execution server /usr/etc/rexecd and a new version of rexecd is available from AT&T.

This report examines the sustainability of social institutions and their ability to absorb and cope with short-term shocks and longer-term trends by providing risk sharing and expenditure smoothing, focusing on pension, health care and unemployment insurance schemes.

This report examines the sustainability of social institutions and their ability to absorb and cope with short-term shocks and longer-term trends by providing risk sharing and expenditure smoothing, focusing on pension, health care and unemployment insurance schemes.

A new study has assessed the vulnerability of 571 European cities to heatwaves, droughts and flooding caused by climate change. The causes of vulnerability differ across Europe and the researchers say the results could be used to design policies to mitigate the impacts.

In the automobile industry, the development and manufacture of increasingly complex technological components — catalytic converters, LEDs, electric motors, batteries — requires increasingly complex and diverse raw materials with specific qualities. The technological and economic importance of these materials, combined with their vulnerability to supply shortages and likelihood of supply interruptions, indicates their ‘criticality’. This study uses a new methodology to explore the criticality of 27 key metals used in the automotive industry and other sectors, and highlights six that are especially vulnerable: rhodium, dysprosium, neodymium, terbium, europium and praseodymium. The researchers found there was limited recycling and substitution of these metals and a high possibility of restrictions to their supply.

Vulnerability to climate change is likely to rise faster in the least developed countries over the next two decades than it will do in the three decades after 2030, according to a new study. Researchers suggest that this signifies an imminent need for greater international financial assistance.

New research has identified the areas in the Western hemisphere where climate change may have the greatest impacts on amphibians. Alongside traditional methods to predict shifts in geographical ranges, it mapped species with particularly restricted ranges and identified areas most likely to receive less precipitation in the future.