433 Central Ave., 4th Floor, St. Petersburg, FL 33701 | [email protected] | Office: (727) 493-2351

Docker fixes critical auth bypass flaw, again (CVE-2024-41110)

A critical-severity Docker Engine vulnerability (CVE-2024-41110) may be exploited by attackers to bypass authorization plugins (AuthZ) via specially crafted API request, allowing them to perform unauthorized actions, including privilege escalation. About CVE-2024-41110 CVE-2024-41110 is a vulnerability that can be exploited remotely, without any user interaction, and even the attack complexity is low. “An attacker could exploit a bypass using an API request with Content-Length set to 0, causing the Docker daemon to forward the request … More → The post Docker fixes critical auth bypass flaw, again (CVE-2024-41110) appeared first on Help Net Security.
http://news.poseidon-us.com/TB3MRm

There’s a catch in USPS insurance program for Medicare-eligible retirees

USPS annuitants who opt out of Medicare Part D will lose underlying prescription drug coverage, according to OPM’s regulations. The post There’s a catch in USPS insurance program for Medicare-eligible retirees first appeared on Federal News Network.
http://news.poseidon-us.com/TB1zJq

This HHS operative is taking on high and complicated hospital bills

This guest is 35 years old and joined federal service only three years ago. She’s having a big impact in a lot of ways having to do with health care delivery. The post This HHS operative is taking on high and complicated hospital bills first appeared on Federal News Network.
http://news.poseidon-us.com/TB1xX1

NARA takes on digitizing modern textual records and other formats

The deadline for agencies to submit digitized records for archiving and preservation by the National Archives and Records Administration came and went. The post NARA takes on digitizing modern textual records and other formats first appeared on Federal News Network.
http://news.poseidon-us.com/TB1gST

CrowdStrike blames buggy testing software for disastrous update

A bug in the Content Validator – a software element CrowdStrike relies on for testing and validating Rapid Response Content updates for its Falcon Sensors – is (partly) why the faulty update wasn’t caught in time, the company said. In a period of (approximately) an hour and 20 minutes on Friday, July 19, 2024, the defective update was delivered to around 8.5 million systems, and triggered a massive worldwide outage of Windows-based systems. CrowdStrike explains … More → The post CrowdStrike blames buggy testing software for disastrous update appeared first on Help Net Security.
http://news.poseidon-us.com/TB117T

Coalfire announces Cyber Security On-Demand portfolio

Coalfire announced its Cyber Security On-Demand portfolio to provide a flexible set of services that reduce cyber risks and remediate security vulnerabilities in customer environments. As attack surfaces grow, defenders need flexibility and a hacker mindset to respond. These services strengthen cybersecurity posture by allowing defenders to continuously adjust security services based on the most pressing threats they face. The services in the Cyber Security On-Demand portfolio offer customers a scalable path to advance their … More → The post Coalfire announces Cyber Security On-Demand portfolio appeared first on Help Net Security.
http://news.poseidon-us.com/TB0pJg

United completes manual reboot as aviation industry reels from CrowdStrike outages

The airline’s IT teams fixed more than 26,000 computers and devices at 365 airports globally, according to CEO Scott Kirby.
http://news.poseidon-us.com/T9zY4T

A new NASA experiment shows finding the building blocks for life on other planets may not require much digging

New research from NASA shows that the building blocks of life beyond Earth may not be hard to find were we ever to send a probe to do some digging around. The post A new NASA experiment shows finding the building blocks for life on other planets may not require much digging first appeared on Federal News Network.
http://news.poseidon-us.com/T9zF5V

SCW Trust Agent measures developers’ security competencies for code commits

Secure Code Warrior introduced SCW Trust Agent – a solution that assesses the specific security competencies of developers for every code commit. This innovative offering enables CISOs and application security (AppSec) teams to embrace a Secure-by-Design approach with deeper visibility into their organizations’ software development security posture. The launch of SCW Trust Agent follows the company’s rollout of SCW Trust Score, the first industry benchmark that quantifies the security posture of organizations’ developer teams. Both … More → The post SCW Trust Agent measures developers’ security competencies for code commits appeared first on Help Net Security.
http://news.poseidon-us.com/T9ycrq