Aggregator

Родительский контроль бессилен перед лицом новой киберугрозы.

A vulnerability classified as critical was found in Progress OpenEdge up to 11.7.19/12.2.14. This vulnerability affects unknown code of the component Multi-Session Agent Handler. The manipulation leads to code injection. This vulnerability was named CVE-2024-7345. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

error code: 521

A vulnerability classified as problematic has been found in Progress OpenEdge up to 11.7.19/12.2.14. This affects an unknown part of the component TLS Handler. The manipulation leads to certificate with host mismatch. This vulnerability is uniquely identified as CVE-2024-7346. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

Apple 发布会前瞻：屏幕更大、AI 更强，除了 iPhone 还有哪些看点？上周，Apple 发出了 9 月发布会的官方邀请函，确定在北京时间 9 月 10 日凌晨一点召开一年一度的秋季发布会。与

A vulnerability was found in Progress OpenEdge up to 11.7.18/12.2.14/12.8.1. It has been rated as problematic. Affected by this issue is some unknown functionality of the component ActiveMQ Discovery Service. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-7654. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

Researchers say password reset attacks have grown fourfold in the last year and one in four password reset attempts are fraudulent

A vulnerability was found in Gna Beryo 2.0/2.4. It has been classified as problematic. This affects an unknown part of the file downloadpic.php. The manipulation of the argument chemin leads to path traversal. This vulnerability is uniquely identified as CVE-2007-1929. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

惠普在 2011 年以 110 亿美元收购了英国软件公司 Autonomy，第二年就减记 88 亿美元，惠普随后指控Autonomy 存在严重会计违规操作行为。公司创始人 Mike Lynch 以及财务副总裁 Steve Chamberlain 都受到欺诈指控。但上个月两位被告先后因意外事故死亡。惠普企业（HPE）现在确认将继续推进这起欺诈诉讼。它寻求索赔 40 亿美元，它于 2022 年在英国高等法院赢得了对 Lynch 的民事诉讼，但审理此案的法官表示最终赔偿金额将大幅低于索赔金额。

A vulnerability classified as critical has been found in Atlassian FishEye up to 1.6.5.x. This affects an unknown part of the component Capabilities. The manipulation leads to improper access controls. This vulnerability is uniquely identified as CVE-2012-2926. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

《雨中冒险（Risk of Rain）》系列游戏原开发团队 Hopoo Games 宣布它的大部分成员加入了 Valve 公司。而 Hopoo Games 本身将不复存在。《雨中冒险》IP 控制在 Gearbox 手中，预计会由 Gearbox 继续开发和维护，而由 Gearbox 开发的《雨中冒险2》扩展《风暴探寻者》受到了差评如潮的玩家评价。Valve 手中有多个游戏项目正在开发，其中之一是正在测试的 Deadlock，以及可能的《半条命》系列新作。Hopoo Games 团队可能会加入这些项目的开发。

A vulnerability was found in Adobe Acrobat Reader up to 11.0.22/2015.006.30355/2017.011.30066/2017.012.20098. It has been declared as critical. This vulnerability affects unknown code. The manipulation leads to out-of-bounds read. This vulnerability was named CVE-2017-16401. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

Authors/Presenters:Zhiyuan Zhang, Gilles Barthe, Chitchanok Chuengsatiansup, Peter Schwabe, Yuval Yarom

Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organizations strong commitment to Open Access. Originating from the conference’s events situated at the Anaheim Marriott; and via the organizations YouTube channel.

Permalink

The post USENIX Security ’23 – Ultimate SLH: Taking Speculative Load Hardening To The Next Level appeared first on Security Boulevard.

Authors/Presenters:Zhiyuan Zhang, Gilles Barthe, Chitchanok Chuengsatiansup, Peter Schwabe, Yuval Yarom

Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organizations strong commitment to Open Access. Originating from the conference’s events situated at the Anaheim Marriott; and via the organizations YouTube channel.

Permalink

The post USENIX Security ’23 – Ultimate SLH: Taking Speculative Load Hardening To The Next Level appeared first on Security Boulevard.

We deep dive into CVE-2024-27198, also known as the JetBrains TeamCity Multiple Authentication Bypass.

A vulnerability was found in Adobe Acrobat Reader up to 11.0.22/2015.006.30355/2017.011.30066/2017.012.20098. It has been classified as critical. This affects an unknown part. The manipulation leads to out-of-bounds read. This vulnerability is uniquely identified as CVE-2017-16400. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

Новый проект DARPA разрабатывался на основе самых строгих криптографических стандартов.

Recently in our webinar series with Amazon Web Services (AWS) and Fortify by OpenText™, our third installment, "The Power of SBOMs: Regulations Looming," brought the panel together to discuss the evolving role of software bills of materials (SBOMs) amidst tightening global regulations.

The post Navigating new regulations and the role of SBOMs in software security appeared first on Security Boulevard.

U.S. oil company Halliburton disclosed a data breach following the RansomHub ransomware gang attack that occurred in August. In August, Halliburton, a major U.S. oil company, announced that a cyberattack hit its IT infrastructure, particularly impacting operations at its Houston offices. Halliburton Company is an American multinational corporation and the world’s second largest oil service company which is […]

Valve 掌机 Steam Deck 及其操作系统 SteamOS 的成功吸引了对基于 Linux 的游戏操作系统的投资。Playtron 公司正在开发基于 Fedora Silverblue 的游戏操作系统 PlaytronOS，它最近获得了日本游戏公司 Square Enix 的投资。与 SteamOS 不同之处在于它不仅集成了 Steam，还集成了其它流行客户端如 GOG 和 Epic Games。它释出的首个 Alpha 版本已在掌机 AYANEO 2、ASUS ROG Ally、GPD Win 4 (2023)、联想 Legion Go、Valve Steam Deck LCD 和 Valve Steam Deck OLED 上进行了测试。