Aggregator

NASA 证实正与国际合作伙伴以及标准组织制定月球时间标准协调月球时（Coordinated Lunar Time 或 LTC)。月球时间标准将会考虑相对论，可扩展到其它天体，支持长期太空任务如 Artemis 以及商业性太空活动。月球时间将由月球原子钟加权平均决定，类似地球上的协调世界时(UTC)计算方式。原子钟在月球的位置还没有决定，现有的分析显示原子钟在月球表面每天滴答的速度快数微秒。NASA 及其合作伙伴正研究哪一种数学模型最适合建立月球时间。

微软在即将推出的 Windows Server 版本中淘汰了老旧的点对点隧道协议 (PPTP) 和二层隧道协议 (L2TP)，从而在增强 VPN 安全性方面迈出了重要一步。虽然这些协议长期以来一直是 Windows VPN 的组成部分，但微软鼓励用户过渡到更现代、更安全的替代协议： 安全套接字隧道协议 (SSTP) 和 Internet 密钥交换版本 2 (IKEv2)。 微软在最近的一份声明中指出：“随着技术的发展，我们的安全协议也必须与时俱进。作为我们提供最高级别安全和性能的持续承诺的一部分，我们将在未来的 Windows Server 版本中淘汰 PPTP 和 L2TP 协议。” 值得注意的是，弃用并不意味着立即删除。 微软澄清说：“被弃用的功能将继续工作并得到全面支持，直到它们被正式移除。我们相信您已经将产品生命周期纳入了您的管理策略。即便如此，弃用通知也可以跨越几个月或几年的时间，以帮助您进行必要的过渡。” 此举并不令人意外，因为 PPTP 和 L2TP 存在安全漏洞已有时日。随着威胁环境的不断变化，这些协议已不再被认为足够强大，能够满足现代安全标准。 微软提倡采用 SSTP 和 IKEv2，理由是它们具有卓越的安全性、性能和可靠性。SSTP 利用 SSL/TLS 加密技术提供安全的通信通道，并能无缝穿越防火墙。IKEv2 拥有强大的加密算法、稳健的身份验证和更高的性能，因此特别适合移动用户。 虽然未来的 Windows Server 版本仍允许使用 PPTP 和 L2TP 进行 VPN 输出连接，但将不再支持基于这些协议的输入连接。这一变化旨在引导用户使用更安全的 VPN 配置。 为了促进平稳过渡，微软提供了有关如何安装和配置 SSTP/IKEv2 以实现 VPN 服务器功能的详细说明。 这一停用标志着 Windows Server VPN 功能的重大转变，它优先考虑安全性并鼓励采用现代协议。通过过渡到 SSTP 和 IKEv2，企业可以确保其网络通信在面对不断变化的网络威胁时保持安全、高效和可靠。     转自安全客，原文链接：https://www.anquanke.com/post/id/300842 封面来源于网络，如有侵权请联系删除

Уязвимость в платёжных шлюзах на Linux делает банкоматы лёгкой добычей.

A vulnerability was found in Cisco ASA up to 9.4.3.3 and classified as critical. This issue affects some unknown processing of the component ICMP Echo Reply ACL. The manipulation as part of ICMP Subtype leads to improper input validation (Firewall). The identification of this vulnerability is CVE-2016-1445. The attack may be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as critical, was found in Google Chrome. This affects an unknown part of the component Installer. The manipulation leads to improper privilege management. This vulnerability is uniquely identified as CVE-2020-6546. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to upgrade the affected component.

Система «Спрут-Тел» анализирует публикации и реакции пользователей.

Japanese electronics firm Casio has reported a ransomware attack and data breach

A vulnerability was found in Imagination Technologies Graphics DDK up to 24.2 RTM1. It has been rated as critical. This issue affects some unknown processing of the component GPU System Call Handler. The manipulation leads to use after free. The identification of this vulnerability is CVE-2024-43701. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Checkmk up to 2.1.0p47/2.2.0p34/2.3.0p17. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to use of get request method with sensitive query strings. This vulnerability was named CVE-2024-38863. The attack can be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Moxa EDR-8010, EDR-G9004, EDR-G9010, EDF-G1002-BP, NAT-102, OnCell G4302-LTE4 and TN-4900. It has been classified as critical. This affects an unknown part. The manipulation leads to os command injection. This vulnerability is uniquely identified as CVE-2024-9139. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

Премьер-министр Шри-Ланки обратилась к Таиланду за помощью.

A vulnerability was found in Moxa EDR-8010, EDR-G9004, EDR-G9010, EDF-G1002-BP, NAT-102, OnCell G4302-LTE4 and TN-4900 and classified as critical. Affected by this issue is some unknown functionality of the component Moxa Service. The manipulation leads to missing authentication. This vulnerability is handled as CVE-2024-9137. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Cisco WebEx Meetings Player T29.10 and classified as critical. Affected by this vulnerability is an unknown functionality of the component WRF File Handler. The manipulation leads to improper input validation. This vulnerability is known as CVE-2016-1464. The attack needs to be approached locally. Furthermore, there is an exploit available.

A vulnerability has been found in Checkmk up to 2.0.0p39/2.1.0p47/2.2.0p34/2.3.0p17 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to sensitive information in log files. This vulnerability is known as CVE-2024-38862. The attack can be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Sun Sunone Starter Kit 2.0. It has been rated as problematic. This issue affects some unknown processing of the component ASTAware SearchDisk Engine. The manipulation leads to path traversal. The identification of this vulnerability is CVE-2002-1525. The attack may be initiated remotely. Furthermore, there is an exploit available.