software security | Breaking Cybersecurity News | The Hacker News

Just in time… Some cybersecurity experts this week arguing over Twitter in favor of not using HTTPS and suggesting software developers to only rely on signature-based package verification, just because APT on Linux also does the same. Ironically, a security researcher just today revealed details of a new critical remote code execution flaw in the apt-get utility that can be exploited by a remote, man-in-the middle attacker to compromise Linux machines. The flaw, apparently, once again demonstrates that if the software download ecosystem uses HTTPS to communicate safely, such attacks can easily be mitigated at the first place. Discovered by Max Justicz, the vulnerability (CVE-2019-3462) resides in the APT package manager, a widely used utility that handles installation, update and removal of software on Debian, Ubuntu, and other Linux distributions. According to a blog post published by Justicz and details shared with The Hacker News, the APT utility doesn't properly

Washington State Department of Corrections (DoC) is facing an investigation after it early released around 3,200 prisoners over the course of 13 years , since 2002, when a bug was introduced in the software used to calculate time credits for inmates' good behavior. The software glitch led to a miscalculation of sentence reductions that US prisoners were receiving for their good behaviour. Over the next 13 years, the median number of days of those released early from prison was 49 days before their correct release date. "This problem was allowed to continue for 13 years is deeply disappointing to me, totally unacceptable and, frankly, maddening," Washington State Governor Jay Inslee said in a statement . "I've [many] questions about how and why this happened, and I understand that members of the public will have those same queries." What's the Bug and How did it Remain Undetected for 13 Years? The issue lies in DoC software that is

It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to reduce risk while improving security posture, but many approaches offer piecemeal solutions – zeroing in on one particular element of the evolving threat landscape challenge – missing the forest for the trees.  In the last few years, Exposure Management has become known as a comprehensive way of reigning in the chaos, giving organizations a true fighting chance to reduce risk and improve posture. In this article I'll cover what Exposure Management is, how it stacks up against some alternative approaches and why building an Exposure Management program should be on  your 2024 to-do list. What is Exposure Management?  Exposure Management is the systematic identification, evaluation,