Security
Headlines
HeadlinesLatestCVEs

Latest News

INE Security Alert: Expediting CMMC 2.0 Compliance

Cary, North Carolina, 26th January 2025, CyberNewsWire

HackRead
#ios#auth
Meta's Llama Framework Flaw Exposes AI Systems to Remote Code Execution Risks

A high-severity security flaw has been disclosed in Meta's Llama large language model (LLM) framework that, if successfully exploited, could allow an attacker to execute arbitrary code on the llama-stack inference server.  The vulnerability, tracked as CVE-2024-50050, has been assigned a CVSS score of 6.3 out of 10.0. Supply chain security firm Snyk, on the other hand, has assigned it a

UnitedHealth Group’s Massive Data Breach Impacts 190 Million Americans

UnitedHealth Group has confirmed that a ransomware attack targeted its subsidiary, Change Healthcare, in February 2024, impacting 190…

American National Insurance Company (ANICO) Data Leaked in MOVEit Breach

Cybersecurity researchers discovered 270,000+ lines of American National Insurance customer data leaked online, potentially linked to the 2023…

CISOs Are Gaining C-Suite Swagger, but Has It Come With a Cost?

The number of CISOs who report directly to the CEO is up sharply in recent years, but many still say it's not enough to secure adequate resources.

DoJ Busts Up Another Multinational DPRK IT Worker Scam

A departmentwide initiative has now led to five major law enforcement actions, in an attempt to curb the increasingly common trend of North Korean hackers posing as IT job applicants.

GHSA-6729-95v3-pjc2: HL7 FHIR IG Publisher potentially exposes GitHub repo user and credential information

### Impact In CI contexts, the IG Publisher CLI uses git commands to determine the URL of the originating repo. If the repo was cloned, or otherwise set to use a repo that uses a username and credential based URL, the entire URL will be included in the built Implementation Guide, exposing username and credential. This does not impact users that clone public repos without credentials, such as those using the auto-ig-build continuous integration infrastructure. ### Patches This problem has been patched in release [1.8.9](https://github.com/HL7/fhir-ig-publisher/releases/tag/1.8.9) ### Workarounds Users should update to 1.8.9 or the latest release OR Users should ensure the IG repo they are publishing does not have username or credentials included in the `origin` URL. Running the command `git remote origin url` should return a URL that contains no username, password, or token. OR Users should run the IG Publisher CLI with the `-repo` parameter and specify a URL that contains no us...

MITRE's Latest ATT&CK Simulations Tackle Cloud Defenses

The MITRE framework's applied exercise provides defenders with critical feedback about how to detect and defend against common, but sophisticated, attacks.

Cisco: Critical Meeting Management Bug Requires Urgent Patch

The bug has been given a 9.9 CVSS score, and could allow authenticated threat actors to escalate their privileges to admin-level if exploited.

3 Use Cases for Third-Party API Security

Third-party API security requires a tailored approach for different scenarios. Learn how to adapt your security strategy to outbound data flows, inbound traffic, and SaaS-to-SaaS interconnections.