Author: nlqip
Aug 24, 2024Ravie LakshmananElection Security / Threat Intelligence Meta Platforms on Friday became the latest company after Microsoft, Google, and OpenAI to expose the activities of an Iranian state-sponsored threat actor, who it said used a set of WhatsApp accounts that attempted to target individuals in Israel, Palestine, Iran, the U.K., and the U.S. The…
Read More
Aug 24, 2024Ravie LakshmananVulnerability / Government Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has placed a security flaw impacting Versa Director to its Known Exploited Vulnerabilities (KEV) catalog based on evidence of active exploitation. The medium-severity vulnerability, tracked as CVE-2024-39717 (CVSS score: 6.6), is case of file upload bug impacting the “Change Favicon”…
Read MoreApply appropriate updates provided by SolarWinds to vulnerable systems immediately after appropriate testing. (M1051: Update Software) Safeguard 7.1 : Establish and Maintain a Vulnerability Management Process: Establish and maintain a documented vulnerability management process for enterprise assets. Review and update documentation annually, or when significant enterprise changes occur that could impact this Safeguard. Safeguard 7.2:…
Read MoreCISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-39717 Versa Director Dangerous File Type Upload Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of…
Read MoreFriday Squid Blogging: Self-Healing Materials from Squid Teeth Making self-healing materials based on the teeth in squid suckers. Blog moderation policy. Tags: squid Posted on August 23, 2024 at 5:03 PM • Sidebar photo of Bruce Schneier by Joe MacInnis. Source link lol
Read More
Although this attack requires that the crawler has been enabled (it is disabled by default) and used at least once to generate a hash, the researchers further discovered than an unprotected Ajax handler could be called to trigger hash generation. “This means all sites using LiteSpeed Cache — not just those with its crawler feature…
Read More
The attack demonstrates the sophistication of Velvet Ant’s tactics Based on evidence found by Sygnia on a Cisco Nexus switch compromised by Velvet Ant, the attackers first exploited the command injection flaw in order to create a file with base64-encoded content. They then issued commands to decode the contents and save it to a file…
Read More
Image: Midjourney The American Radio Relay League (ARRL) confirmed it paid a $1 million ransom to obtain a decryptor to restore systems encrypted in a May ransomware attack. After discovering the incident, the National Association for Amateur Radio took impacted systems offline to contain the breach. One month later, it said its network was hacked…
Read More
Google recruited Noam Shazeer in a funding and licensing deal. Google has named Noam Shazeer, the Character.AI CEO and co-founder recruited in a funding deal with the startup, as a technical lead on its Gemini artificial intelligence project, according to multiple media reports. The Mountain View, Calif.-based cloud and AI vendor will have Shazeer work…
Read More
Microsoft has provided a workaround to temporarily fix a known issue that is blocking Linux from booting on dual-boot systems with Secure Boot enabled. The company says this temporary fix can help Linux users revive unbootable systems displaying “Something has gone seriously wrong: SBAT self-check failed: Security Policy Violation” errors after installing the August 2024…
Read More