Aggregator

Software Security / Data ProtectionSolarWinds has released fixes to address two security flaws in

Может ли обычный джойстик заменить скальпель?

Veritas Technologies unveiled new AI-driven capabilities to further expand the strength and functionality of the Veritas cyber resilience portfolio. The new innovations, including AI-powered automation and user interface enhancements, provide data protection specialists and IT generalists with intelligent, easy-to-use solutions that remove the uncertainty from cyber recovery. Deepak Mohan, EVP of engineering at Veritas, said: “Data security is becoming increasingly complex, and IT teams are under mounting pressure to ensure that data is always available, … More →

The post Veritas unveils AI-driven features to simplify cyber recovery appeared first on Help Net Security.

Submit #408931 / VDB-276272

Submit #408871 / VDB-277761

Уязвимость оставалась открытой, пока её не заметили исследователи.

Google has announced that it will be switching from KYBER to ML-KEM in its Chrome web browser as part of its ongoing efforts to defend against the risk posed by cryptographically relevant quantum computers (CRQCs). "Chrome will offer a key share prediction for hybrid ML-KEM (codepoint 0x11EC)," David Adrian, David Benjamin, Bob Beck, and Devon O'Brien of the Chrome Team said. "The

A vulnerability, which was classified as problematic, has been found in langchain-ai langchain up to 0.2.8. Affected by this issue is the function FAISS.deserialize_from_bytes. The manipulation leads to deserialization. This vulnerability is handled as CVE-2024-5998. It is possible to launch the attack on the physical device. There is no exploit available. It is recommended to upgrade the affected component.

The U.S. Department of Treasury has imposed fresh sanctions against five executives and one entity with ties to the Intellexa Consortium for their role in the development, operation, and distribution of a commercial spyware called Predator. "The United States will not tolerate the reckless propagation of disruptive technologies that threatens our national security and undermines the privacy and

ИИ будет обучать беспилотники на лету.

索尼 PS1 模拟器项目 DuckStation 经历了两次许可证修改，它事实上不再是开源软件。DuckStation 原本采用 GPL 许可证，按照 GPL 的要求修改版本需要公开源代码，但很多时候修改版本并没有遵守这一要求。DuckStation 于 9 月 1 日改为 PolyForm Strict License，9 月 13 日再次切换到 CC-BY-NC-ND 许可证，禁止商业使用，禁止衍生作品，这意味着禁止任何人将 DuckStation 重新打包。项目作者表示，更换许可证获得了主要贡献者的同意，表示受够了对 GPL 许可证的频繁违反，称如果遭到骚扰会考虑关闭源码库。

F5 launched F5 NGINX One, combining advanced load balancing, web and application server capabilities, API gateway functionalities, and security features in a dedicated package. Customers are now able to simply manage and secure F5 NGINX instances and NGINX Open Source from a single cloud management interface. End-to-end visibility speeds apps to market and enables advanced features like AI more efficiently versus a traditional siloed approach. This new offering makes NGINX technology easier to deploy, unlocking … More →

The post F5 NGINX One improves app delivery and security functions appeared first on Help Net Security.

CISA released three Industrial Control Systems (ICS) advisories on September 17, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

• ICSA-24-261-01 Siemens SIMATIC S7-200 SMART Devices
• ICSA-24-261-02 Millbeck Communications Proroute H685t-w
• ICSA-24-261-03 Yokogawa Dual-redundant Platform for Computer (PC2CKM)

CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.

CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

• CVE-2014-0497 Adobe Flash Player Integer Underflow Vulnerability
• CVE-2013-0643 Adobe Flash Player Incorrect Default Permissions Vulnerability
• CVE-2013-0648 Adobe Flash Player Code Execution Vulnerability
• CVE-2014-0502 Adobe Flash Player Double Free Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

Today, CISA and FBI released a Secure by Design Alert, Eliminating Cross-Site Scripting Vulnerabilities, as a part of our ongoing effort to reduce the prevalence of vulnerability classes at scale. Vulnerabilities like cross-site scripting (XSS) continue to appear in software, enabling threat actors to exploit them. However, cross-site scripting vulnerabilities are preventable and should not be present in software products.

CISA and FBI urge CEOs and other business leaders at technology manufacturers to direct their technical leaders/teams to review past instances of these defects and create a strategic plan to prevent them in the future.

Visit our website to learn more about the principles of Secure by Design, take the Secure by Design Pledge, and stay informed on the latest Secure by Design Alerts.

When you connect your organization’s Google Drive account to ChatGPT, you grant ChatGPT extensive permissions for not only your personal files, but resources across your entire shared drive. As you might imagine, this introduces an array of cybersecurity challenges. This post outlines how to see ChatGPT activity natively in the Google Workspace admin console, and how Nudge Security can

MSSQL domain privesc (@_nullbind), .mobi whois takeover (@watchtowrcyber),