InfoSec News Nuggets 2/28/2024

Most Commercial Code Contains High-Risk Open Source Bugs
Three-quarters (74%) of commercial codebases contain open source components featuring “high-risk” vulnerabilities, according to a new study from Synopsys. The chip design tool company’s ninth annual Open Source Security and Risk Analysis (OSSRA) report analyzed anonymized findings from over 1000 commercial codebase audits in 17 industries. It found that the share featuring high-risk open source bugs – that is, ones that have been actively exploited, have documented proof-of-concept exploits or are…

InfoSec News Nuggets 04/12/2023

Did someone really hack into the Oldsmar, Florida, water treatment plant? New details suggest maybe not.
It was the kind of doomsday scenario cybersecurity experts had been warning about for years: hackers infiltrate a small water utility and try to poison the local population. And that’s exactly what appeared to happen in February 2021 in Oldsmar, Florida. News of hackers remotely tampering with levels of lye at the local water treatment facility alarmed officials, shocked the…

InfoSec News Nuggets 09/20/2022

Eyeglass Reflections Can Leak Information During Video Calls
A group of academic researchers have devised a method of reconstructing text exposed via participants’ eyeglasses and other reflective objects during video conferences. Zoom and other video conferencing tools, which have been widely adopted over the past couple of years as a result of the Covid-19 pandemic, may be used by attackers to leak information unintentionally reflected in objects such as eyeglasses, the researchers say. “Using mathematical…