Falsehoods People Believe about CVE's
(medium.com)
Despite its ubiquity, there is widespread confusion about what a CVE actually is. Many people — some of them in charge of large enterprises — believe a CVE is the same thing as a software vulnerability. Or that every software vulnerability has a CVE. Or that a CVE always includes technical details, a fix, a CVSS score, and a confession from the developer who introduced the bug.
Microsoft isn't fixing 8-year-old shortcut exploit abused for spying
(theregister.com)
An exploitation avenue found by Trend Micro has been used in an eight-year-long spying campaign, but there's no sign of a fix from Microsoft, which apparently considers this a low priority.
Hugging Face datasets and models for cybersecurity/software vulnerabilities
(huggingface.co)
CIRCL is the CERT (Computer Emergency Response Team/Computer Security Incident Response Team) for the private sector, communes and non-governmental entities in Luxembourg.
U.S. Government Disclosed 39 Zero-Day Vulnerabilities in 2023, First-Ever Report
(zetter-zeroday.com)
In a first-of-its-kind report, the US government has revealed that it disclosed 39 zero-day software vulnerabilities to vendors or the public in 2023 for the purpose of getting the vulnerabilities patched or mitigated, as opposed to retaining them to use in hacking operations.
Zizmor would have caught the Ultralytics workflow vulnerability
(yossarian.net)
TL;DR: zizmor would have caught the vulnerability that caused this…mostly. Read on for details.