Critical Vulnerabilities Found in Secrets Management Vaults

2025-08-07

Researchers discovered subtle logic flaws in HashiCorp Vault and CyberArk Conjur that allow attackers to bypass authentication, evade policy checks, and impersonate accounts. These vaults store the credentials that govern access to systems and data, making them the backbone of digital infrastructure; a compromise means complete loss of that infrastructure. The vulnerabilities were responsibly disclosed and have been patched, but they highlight the critical need for robust secrets management and access control.

Xbow Reports Nearly 1,000 Vulnerabilities, Including a Zero-Day in Palo Alto Networks VPN

2025-07-06

Security research firm Xbow submitted nearly 1,060 vulnerabilities to HackerOne in the last 90 days, including critical flaws like remote code execution and information disclosure. They also discovered and reported a previously unknown vulnerability in Palo Alto Networks' GlobalProtect VPN, impacting over 2,000 hosts. While many have been addressed (130 resolved, 303 triaged), approximately 45% remain unpatched, highlighting the sheer volume and impact of the disclosed vulnerabilities.


Microsoft Appoints New Deputy CISO for Europe to Tackle Stricter Cybersecurity Regulations

2025-05-03

Microsoft has appointed a new Deputy Chief Information Security Officer (CISO) for Europe, responsible for ensuring compliance with the EU's increasingly stringent cybersecurity regulations, such as the Digital Operational Resilience Act (DORA), the NIS2 Directive, and the Cyber Resilience Act (CRA). This role is crucial for Microsoft's compliance in Europe and its global cybersecurity strategy, highlighting the company's focus on European data security and cyber resilience. While Microsoft hasn't revealed further details, the move shows the company is proactively addressing the evolving global cybersecurity landscape.

Google Analytics Security Risks: A CISO's Headache

2025-04-26

CISOs need to carefully assess the risks associated with sharing data with third parties, particularly when using Google Analytics. The article highlights that Google Analytics can inadvertently collect sensitive data, such as personally identifiable information (PII) embedded in URLs (names, emails, birthdates, etc.) or form field values. To prevent this, CISOs must ensure that when configuring Google Analytics, all query parameters, form inputs, and dynamic page elements that could contain sensitive data are filtered out. Otherwise, this data could be tracked and collected by Google Analytics, posing significant security risks.


CVE Numbering System on the Brink of Collapse: DHS Ends MITRE Contract

2025-04-16

The US Department of Homeland Security (DHS) has ended its 25-year contract with MITRE, leaving the CVE vulnerability numbering system on the brink of collapse. This will result in a massive backlog at the National Vulnerability Database (NVD), with over 30,000 vulnerabilities already awaiting processing and a further 80,000+ 'deferred' (meaning they won't be fully analyzed). This move will severely impact global vulnerability management, causing significant challenges for organizations relying on CVE/NVD information. National vulnerability databases, such as those in China and Russia, will also be affected. The reason for the contract termination remains unclear, but is likely linked to the Trump administration's cost-cutting measures.
