Aggregator

We deep dive into CVE-2024-27198, also known as the JetBrains TeamCity Multiple Authentication Bypass.

A vulnerability was found in Adobe Acrobat Reader up to 11.0.22/2015.006.30355/2017.011.30066/2017.012.20098. It has been classified as critical. This affects an unknown part. The manipulation leads to out-of-bounds read. This vulnerability is uniquely identified as CVE-2017-16400. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

Новый проект DARPA разрабатывался на основе самых строгих криптографических стандартов.

Recently in our webinar series with Amazon Web Services (AWS) and Fortify by OpenText™, our third installment, "The Power of SBOMs: Regulations Looming," brought the panel together to discuss the evolving role of software bills of materials (SBOMs) amidst tightening global regulations.

The post Navigating new regulations and the role of SBOMs in software security appeared first on Security Boulevard.

U.S. oil company Halliburton disclosed a data breach following the RansomHub ransomware gang attack that occurred in August. In August, Halliburton, a major U.S. oil company, announced that a cyberattack hit its IT infrastructure, particularly impacting operations at its Houston offices. Halliburton Company is an American multinational corporation and the world’s second largest oil service company which is […]

Valve 掌机 Steam Deck 及其操作系统 SteamOS 的成功吸引了对基于 Linux 的游戏操作系统的投资。Playtron 公司正在开发基于 Fedora Silverblue 的游戏操作系统 PlaytronOS，它最近获得了日本游戏公司 Square Enix 的投资。与 SteamOS 不同之处在于它不仅集成了 Steam，还集成了其它流行客户端如 GOG 和 Epic Games。它释出的首个 Alpha 版本已在掌机 AYANEO 2、ASUS ROG Ally、GPD Win 4 (2023)、联想 Legion Go、Valve Steam Deck LCD 和 Valve Steam Deck OLED 上进行了测试。

A vulnerability was found in YaBB SE 0.8/1.4.1/1.5.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument language leads to file inclusion. This vulnerability is known as CVE-2000-1176. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

还没导入k线数据，继续在测试。

Ping Identity announced the addition of key identity capabilities to its FedRAMP High & DoD IL5 offerings. With Ping Government Identity Cloud, federal agencies and government suppliers now have access to capabilities that enable them to boost compliance, security and experiences through modernizing identity, credential and access management. Following FedRAMP High certification, DOD Impact Level 5 (IL5) authorization, and joining with ForgeRock, Ping Government Identity Cloud now offers authorized identity capabilities for multi-factor authentication (MFA), … More →

The post Ping Identity strengthens security for federal agencies and government suppliers appeared first on Help Net Security.

In a recent podcast interview with Cybercrime Magazine's host, David Braue, Scott Schober, Cyber Expert, Author of "Hacked Again," and CEO of Berkeley Varitronics Systems, discusses the July 2024 CrowdStrike outage, explaining what happened and more. 

The post Microsoft-CrowdStrike Outage Explained appeared first on Security Boulevard.

A vulnerability was found in CJmall 4.1.8. It has been rated as critical. This issue affects some unknown processing of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues. The identification of this vulnerability is CVE-2014-5855. Access to the local network is required for this attack. There is no exploit available.

瑞典卫生部周一发布了一份指导方针，对儿童和青少年的屏幕使用时间设限。卫生部门建议，父母和监护人应该考虑如何在孩子面前使用屏幕设备，当孩子在场时向其解释自己在手机上做什么。它建议两岁以下儿童不应接触任何屏幕，2-5 岁儿童的屏幕使用时间应限制在 1 小时以内，6-12 岁儿童的屏幕使用时间应限制在 2 小时以内，13-18 岁青少年的屏幕使用时间限制在 3 小时。这一建议将大幅减少瑞典儿童和青少年目前的平均屏幕使用时间——9-12 岁儿童每天屏幕使用时间是 4 个小时，17-18 岁青少年每天花在屏幕前的时间超过 7 个小时，这一数字还不包括学校作业。