#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News

Government security | Breaking Cybersecurity News | The Hacker News

Category — Government security
CISA Urges Federal Agencies to Patch Versa Director Vulnerability by September

CISA Urges Federal Agencies to Patch Versa Director Vulnerability by September

Aug 24, 2024 Vulnerability / Government Security
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has placed a security flaw impacting Versa Director to its Known Exploited Vulnerabilities ( KEV ) catalog based on evidence of active exploitation. The medium-severity vulnerability, tracked as CVE-2024-39717 (CVSS score: 6.6), is case of file upload bug impacting the "Change Favicon" feature that could allow a threat actor to upload a malicious file by masquerading it as a seemingly harmless PNG image file. "The Versa Director GUI contains an unrestricted upload of file with dangerous type vulnerability that allows administrators with Provider-Data-Center-Admin or Provider-Data-Center-System-Admin privileges to customize the user interface," CISA said in an advisory. "The 'Change Favicon' (Favorite Icon) enables the upload of a .png file, which can be exploited to upload a malicious file with a .PNG extension disguised as an image." However, a successful exploitation is poss...
Bulgaria passes Law that mandates Government Software must be Open Source

Bulgaria passes Law that mandates Government Software must be Open Source

Jul 07, 2016
Do you have any idea what the software you have installed is doing stealthily in the background? If it's not an open source software, can you find out? Usually, the answer is no. After Edward Snowden's revelations, it's clear that how desperately government agencies wants to put secret backdoors in your network, devices, and software. However, Bulgaria has come forward with an all new set of laws that would be appreciated by privacy lovers and open-source community. Also Read:  Top Best Password Managers . The Bulgarian Parliament has passed legislative amendments to its Electronic Governance Act that require all software written for the country's government to be fully open-sourced and developed in the public Github repository . This means that source code of software developed for the Bulgarian government would be accessible to everyone and provided free for use without limitations. Article 58A of the Electronic Governance Act states that administrative...
Want to Grow Vulnerability Management into Exposure Management? Start Here!

Want to Grow Vulnerability Management into Exposure Management? Start Here!

Dec 05, 2024Attack Surface / Exposure Management
Vulnerability Management (VM) has long been a cornerstone of organizational cybersecurity. Nearly as old as the discipline of cybersecurity itself, it aims to help organizations identify and address potential security issues before they become serious problems. Yet, in recent years, the limitations of this approach have become increasingly evident.  At its core, Vulnerability Management processes remain essential for identifying and addressing weaknesses. But as time marches on and attack avenues evolve, this approach is beginning to show its age. In a recent report, How to Grow Vulnerability Management into Exposure Management (Gartner, How to Grow Vulnerability Management Into Exposure Management, 8 November 2024, Mitchell Schneider Et Al.), we believe Gartner® addresses this point precisely and demonstrates how organizations can – and must – shift from a vulnerability-centric strategy to a broader Exposure Management (EM) framework. We feel it's more than a worthwhile read an...
Experts Warn of Growing Data Theft as Government Lags in Cybersecurity

Experts Warn of Growing Data Theft as Government Lags in Cybersecurity

Dec 07, 2010
It will take several more years for the government to fully install high-tech systems to block computer intrusions. This prolonged timeline enables criminals to become more adept at stealing sensitive data, experts say. As the Department of Homeland Security (DHS) methodically works to secure the approximately 2,400 network connections used daily by millions of federal workers, experts suggest that technology may already be outpacing them. The DHS, responsible for securing non-military government systems, is gradually moving all government Internet and e-mail traffic into secure networks. These networks will eventually be protected by intrusion detection and prevention programs. However, progress has been slow. Officials are trying to finalize complex contracts with network vendors, resolve technology issues, and address privacy concerns related to monitoring employees and public citizens. The recent WikiLeaks release of over a quarter-million sensitive diplomatic documents highligh...
cyber security

Breaking Barriers: Strategies to Unite AppSec and R&D for Success

websiteBackslashApplication Security
Tackle common challenges to make security and innovation work seamlessly.
Expert Insights / Articles Videos
Cybersecurity Resources