Cisco ClamAV anti-malware scanner vulnerable to serious security flaw

John Leyden, 22 February 2023 at 14:23 UTC

A patch has been released addressing a significant vulnerability that could endanger several technologies. A security vulnerability in a bundled anti-malware scanning product has created a serious risk for various Cisco products. Specifically, a vulnerability in the ClamAV scanning library (identified as CVE-2023-20032) poses a significant security…

Chromium bug allowed SameSite cookie bypass on Android devices

Ben Dickson, 27 February 2023 at 11:50 UTC

Recent vulnerabilities have exposed flaws in protections against cross-site request forgery (CSRF). An alarming issue in the Chromium project has been identified, allowing unauthorized users to bypass critical security features designed to protect sensitive cookies on Android devices. The SameSite attribute allows developers to restrict cookie access, thus…

Deserialized web security roundup: Twitter 2FA backlash, GoDaddy suffers years-long attack campaign, and XSS Hunter adds e2e encryption

Jessica Haworth-Elsayed, 24 February 2023 at 13:09 UTC (updated 27 February 2023 at 15:32 UTC)

In this bi-weekly summary, we delve into recent vulnerabilities in application security, innovative hacking methodologies, and significant updates from the cybersecurity landscape. Recently, Twitter encountered backlash as its CEO Elon Musk declared that SMS-based two-factor authentication (2FA) will now be…

Chromium bug allowed SameSite cookie bypass on Android devices

Ben Dickson, 27 February 2023 at 11:50 UTC

Recent findings reveal vulnerabilities in protections against cross-site request forgery (CSRF), which may be exploited by malicious entities. A critical vulnerability in the Chromium platform might allow attackers to sidestep a vital security feature designed to protect sensitive cookies in Android browsers. The SameSite attribute is implemented…

Password managers: A rough guide to enterprise secret platforms

The second installment of our series on password managers delves into enterprise-level solutions designed to manage API tokens, login credentials, and much more. Today’s enterprises manage numerous servers, applications, services, APIs, and containers. To protect these assets, they require robust tools to handle sensitive information, including passwords, encryption keys, SSH keys, API tokens, and certificates….

Indian transport ministry flaws potentially allowed creation of counterfeit driving licenses

Charlie Osborne, 28 February 2023 at 14:15 UTC (updated 28 February 2023 at 14:51 UTC)

A researcher has shown alarming vulnerabilities that allowed access to the personally identifiable information (PII) of approximately 185 million Indian citizens, enabling the creation of counterfeit driving licenses. An important revelation came from student and cybersecurity researcher Robin Justin, who disclosed…

RFC 9794: a new standard for post-quantum terminology

The transition to Post-Quantum Cryptography (PQC) is essential to safeguard against potential threats from advancing quantum computing technologies. This challenge is extensive and requires a coordinated effort over multiple years on a global scale. The NCSC, as the UK’s primary technical authority for cyber security and cryptography, is committed to leading this initiative. We have…

RFC 9794: a new standard for post-quantum terminology

The transition to Post-Quantum Cryptography (PQC) is a significant global challenge that spans multiple years, aimed at safeguarding against the impending threats posed by advancements in quantum computing. As the United Kingdom’s authoritative body for cybersecurity and cryptography, the National Cyber Security Centre (NCSC) is actively engaged in facilitating this transition. We have released technical…

RFC 9794: a new standard for post-quantum terminology

The transition to Post-Quantum Cryptography (PQC) is essential for safeguarding against the impending risks associated with advancements in quantum computing. This endeavor is a large-scale, multi-year project that requires widespread collaboration. The National Cyber Security Centre (NCSC), serving as the UK’s primary technical authority in cyber security and cryptography, plays a pivotal role in this…
