Aggregator

The FDIC is clarifying its policy and supervisory approach related to facilitating payment processing services directly, or indirectly through a third party, for merchant customers engaged in higher-risk activities.

The FFIEC on Oct. 7 issued a joint statement concerning Microsoft's discontinuation of support for its Windows XP operating system as of April 8, 2014.

Five federal regulatory agencies encourage financial institutions to work with customers affected by the federal government shutdown.

The FDIC has announced a series of steps intended to provide regulatory relief to financial institutions and facilitate recovery in areas of Illinois affected by severe storms, straight-line winds, and tornadoes.

IT Services Vendor Is Sending Individual Letters to Victims on a Rolling Basis
Millions of Americans will soon receive a breach notification letter from Change Healthcare, which said on Monday that it has started the process of notifying victims of the massive cyberattack and data theft incident first detected more than five months ago.

Leading Cybersecurity, Technology Companies 'Gravely Concerned' Over Cyber Treaty
Leading cybersecurity and technology firms in the West feel "abandoned" by the United States and Europe as talks for a United Nations cybercrime treaty near their end. Member nations resumed cybercrime treaty negotiations on Monday in New York.

Peter McKay on Improving Developer Practices, Integrating Security and Cutting Risk
Snyk CEO Peter McKay discusses lessons from the recent CrowdStrike outage, emphasizing the importance of robust development practices, effective communication and the integration of quality and security in modern software development. He also highlights Snyk's role in advancing developer security.

Threat Actors Profit from GitHub's Inauthentic Accounts Network
Hackers apparently stymied by improved network detection of malware are turning to fake GitHub repositories to host malicious links and archives embedded with viruses. A threat actor dubbed "Stargazer Goblin" is a step beyond hackers who merely use GitHub repositories to host malicious code.

Министр Саид представила новую стратегию цифровой безопасности страны.

欧洲银行业在抵御网络攻击方面已经做好了高水平的准备，但在恢复能力方面仍有“改进空间”。

A vulnerability classified as problematic was found in Mashov up to 3.8.45. Affected by this vulnerability is an unknown functionality. The manipulation leads to basic cross site scripting. This vulnerability is known as CVE-2024-41693. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Matrix Tafnit. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-38430. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Matrix Tafnit. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to reliance on file name or extension of externally-supplied file. The identification of this vulnerability is CVE-2024-38432. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in EC-CUBE Web API Plugin. It has been declared as problematic. This vulnerability affects unknown code of the component OAuth Management Page. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-41141. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in Matrix Tafnit. It has been classified as problematic. This affects an unknown part. The manipulation leads to files or directories accessible. This vulnerability is uniquely identified as CVE-2024-38429. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Matrix Tafnit and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to observable response discrepancy. This vulnerability is handled as CVE-2024-38431. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in FFRI AMC, FFRI AMC for ActSecure χ and Sky EDR Plus Pack up to 3.5.3 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-40895. The attack can be launched remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in EC-CUBE. Affected is an unknown function of the component PHP Package Handler. The manipulation leads to improper access controls. This vulnerability is traded as CVE-2024-41924. The attack needs to be approached within the local network. There is no exploit available.