Philip Choo

The Cybersecurity and Infrastructure Security Agency (CISA) has published a new five-step 5G Security Evaluation Process to help companies improve their security posture before deploying new 5G applications. More specifically, the new guidelines include information about relevant threat frameworks, 5G system security standards, industry security specifications, federal security guidance documents and methodologies to conduct cybersecurity
Details have emerged about a recently patched critical remote code execution vulnerability in the V8 JavaScript and WebAssembly engine used in Google Chrome and Chromium-based browsers. The issue relates to a case of use-after-free in the instruction optimization component, successful exploitation of which could “allow an attacker to execute arbitrary code in the context of
To get a roundup of TechCrunch’s biggest and most important stories delivered to your inbox every day at 3 p.m. PDT, subscribe here. Happy Friday, Crunchers! It’s 27 May 2022, and we are slinking into a long weekend because it’s Memorial Day weekend here in the U.S. There’s no newsletter on Monday — Haje is
Pro-consumer website Comparitech has released a new report exploring legislation about child data collection in the world’s top 50 countries by gross domestic product (GDP). The document assessed 23 different aspects of these policies to assess whether specific legislation was in place for children’s online data or not. Aspects examined included requirements for privacy policies,
Quanta Cloud Technology (QCT) servers have been identified as vulnerable to the severe “Pantsdown” Baseboard Management Controller (BMC) flaw, according to new research published today. “An attacker running code on a vulnerable QCT server would be able to ‘hop’ from the server host to the BMC and move their attacks to the server management network,
Substack, the five-year-old newsletter platform that has aggressively positioned itself as a disruptive force in media, has abandoned efforts to raise a Series C round, the New York Times is reporting today.  According to its sources, Substack held discussions with potential investors in recent months about raising $75 million to $100 million at a valuation
October is Cybersecurity Awareness Month, which is led by the U.S. government’s Cybersecurity and Infrastructure Security Agency (CISA) in conjunction with the National Cyber Security Alliance (NCSA)—a national non-profit focused on cybersecurity education & awareness. McAfee is pleased to announce that we’re a proud participant. Fitness trackers worn on the wrist, glucose monitors that test
Over the past decade, REST APIs have become a de facto architectural approach for modern web and mobile application platforms. They separate data and presentation layers, allowing systems to scale in size and feature sophistication over time. However, as data moves across boundaries, security becomes a key concern for REST APIs containing sensitive information. One
The Cybersecurity and Infrastructure Security Agency (CISA) has added 41 vulnerabilities to its catalog of known exploited flaws this week. The US federal agency has urged all organizations to remediate these vulnerabilities promptly to “reduce their exposure to cyber-attacks.” Federal Civilian Executive Branch (FCEB) agencies are required by law to remediate all vulnerabilities in the catalog by the specified
A year-long international investigation has resulted in the arrest of the suspected head of the SilverTerrier cybercrime group by the Nigeria Police Force. “The suspect is alleged to have run a transnational cybercrime syndicate that launched mass phishing campaigns and business email compromise schemes targeting companies and individual victims,” Interpol said in a statement. Operation
Republican lawmakers are facing growing anger over the deadliest mass shooting at an American school in nearly a decade yesterday, with many of their constituents expressing frustration over their repeated votes against even modest gun control reforms. Social media can’t solve the problem. Indigov, a three-year-old, 70-person New York-based startup, can’t solve it either, but
When DigitialOcean bought Nimbella last year, you knew it intended to go deeper into serverless technologies, and sure enough the company announced a new feature called DigitalOcean Functions today, based on Nimbella technology. DigitalOcean offers cloud infrastructure services at a price point below that of the Big 3, making it popular with developers. Gabe Monroy,
The District of Columbia announced that it sued Meta Platforms Inc. CEO Mark Zuckerberg for his role in the data breach that allowed political consulting firm Cambridge Analytica to target Facebook users during the 2016 US presidential election. The “sweeping investigation” found that Zuckerberg had lax oversight of users and created misleading privacy agreements that resulted in
As NFTs exploded in popularity, scammers also jumped on the hype. Watch out for counterfeit NFTs, rug pulls, pump-and-dumps and other common scams plaguing the industry. Looking back at 2012, colored coins were the first hint of what we now call non-fungible tokens (NFTs), or nifties for some. Ten years later, these blockhain-based assets that
Containers revolutionized the development process, acting as a cornerstone for DevOps initiatives, but containers bring complex security risks that are not always obvious. Organizations that don’t mitigate these risks are vulnerable to attack. In this article, we outline how containers contributed to agile development, which unique security risks containers bring into the picture – and