Aggregator

让我们换个角度看乌克兰

安全新视野 | 新型攻击方式——PLC勒索病毒的研究和预警 日期：2024年10月18日 阅：89

The latest generations of Intel processors, including Xeon chips, and AMD's older Zen 1, Zen 1+, and Zen 2 microarchitectures on Linux are vulnerable to new speculative execution attacks that bypass existing 'Spectre' mitigations. [...]

1. Play勒索团伙公布新的受害公司 2. Ransomhouse勒索团伙公布新的受害公司 3. Cactus勒索团伙公布了新的受害公司

Over the past decade, the world of open source software has undergone a seismic transformation, both in terms of its scale and challenges.

The post The transformation of open source: Lessons from the past decade appeared first on Security Boulevard.

Законопроекты Росфинмониторинга готовятся к принятию.

A vulnerability was found in Adobe Acrobat Reader up to 11.0.17/15.006.30201/15.017.20053 and classified as critical. Affected by this issue is some unknown functionality. The manipulation leads to memory corruption. This vulnerability is handled as CVE-2016-6996. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

Meta 在洛杉矶解雇了 20 多名员工，原因是他们用每天 25 美元的餐费抵用券购买了祛痘贴、酒杯和洗衣粉等家居用品。Meta 和大多数大型科技公司一样，为在总部工作的员工提供免费食物。

企业资讯

A vulnerability has been found in Adobe Acrobat Reader up to 11.0.17/15.006.30201/15.017.20053 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to memory corruption. This vulnerability is known as CVE-2016-6995. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

TrickMo 于 2020 年首次由 IBM X-Force 记录，但据悉其至少从 2019 年 9 月起就被用于针对 Android 用户的攻击。

用户无需自行搭建和维护硬件或软件环境，只需通过订阅服务的形式即可享受云服务商提供的WAF保护，具有高度的灵活性、可扩展性和易用性。

A vulnerability was found in Adobe Acrobat Reader up to 11.0.17/15.006.30201/15.017.20053. It has been rated as critical. Affected by this issue is some unknown functionality. The manipulation leads to memory corruption. This vulnerability is handled as CVE-2016-6994. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

Like most businesses, banks are facing a highly competitive future built on digital services. To succeed, they must modernize their IT infrastructure to deliver the experiences that customers now demand, without incurring the wrath of regulators. Yet the wealth of sensitive information managed by financial services firms ensures the sector remains a popular target for state-backed and criminally motivated threat actors.

The post Celebrating Excellence in Financial Services appeared first on Security Boulevard.

A vulnerability was found in Cisco ATA. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Web-based Management Interface. The manipulation leads to os command injection. This vulnerability is known as CVE-2024-20459. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Cisco ATA. This vulnerability affects unknown code of the component HTTP Endpoint. The manipulation leads to os command injection. This vulnerability was named CVE-2024-20458. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Cisco ATA. Affected is an unknown function of the component CLI. The manipulation leads to os command injection. This vulnerability is traded as CVE-2024-20461. Attacking locally is a requirement. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in OpenText Application Lifecycle Management and Quality Center. Affected by this vulnerability is an unknown functionality. The manipulation leads to untrusted search path. This vulnerability is known as CVE-2023-32266. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as very critical was found in Veeam Backup & Replication up to 12.1.2.172. Affected by this vulnerability is an unknown functionality. The manipulation leads to deserialization. This vulnerability is known as CVE-2024-40711. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.