Aggregator

A vulnerability classified as critical has been found in Linux Kernel up to 6.1.90/6.6.30/6.8.9. This affects the function blk_ioctl_discard of the component block. The manipulation leads to buffer overflow. This vulnerability is uniquely identified as CVE-2024-36917. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.8.9. It has been rated as problematic. Affected by this issue is the function accept_memory. The manipulation leads to denial of service. This vulnerability is handled as CVE-2024-36936. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.8.7/6.9-rc4. It has been classified as critical. Affected is the function nft_mapelem_activate of the component nf_tables. The manipulation leads to memory leak. This vulnerability is traded as CVE-2024-27012. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

error code: 521

「免费」魔力。

由

watchTowr announced a $19 million Series A funding round led by Peak XV, formerly known as Sequoia India & Southeast Asia, with repeat participation from Prosus Ventures and Cercano Management. The company will use the funds to capture market leadership and accelerate global growth by expanding its go-to-market, research and engineering teams. The latest investment brings its total funding raised to $29 million. Over the past year, watchTowr has seen significant adoption from critical infrastructure … More →

The post watchTowr raises $19 million to accelerate global growth appeared first on Help Net Security.

Mozilla has pushed out an emergency update for its Firefox and Firefox ESR browsers to fix a vulnerability (CVE-2024-9680) that is being exploited in the wild. About CVE-2024-9680 Reported by ESET malware researcher Damien Schaeffer, CVE-2024-9680 is a use-after-free vulnerability in the browser’s Animation timelines and, according to Mozilla, has been exploited to achieve code execution in the content process. Additional details about the vulnerability or the attacks are yet to be shared. According to … More →

The post Actively exploited Firefox zero-day fixed, update ASAP! (CVE-2024-9680) appeared first on Help Net Security.

Dr.Web раскрывает схему масштабного обмана на тысячи долларов.

Vulnerability / Browser SecurityMozilla has revealed that a critical security flaw impacting Firef

这篇文字来自 heige 投稿，我好像很久都没打理本懒号了，突然感觉也挺对得起本懒号的名字...

Cybersecurity researchers are warning about an unpatched vulnerability in Nice Linear eMerge E3 access controller systems that could allow for the execution of arbitrary operating system (OS) commands. The flaw, assigned the CVE identifier CVE-2024-9441, carries a CVSS score of 9.8 out of a maximum of 10.0, according to VulnCheck. "A vulnerability in the Nortek Linear eMerge E3 allows remote

最新版本

目前，尚不确定 Mallox Linux 1.0 变体是由单个附属机构、多个附属机构还是所有 Mallox 勒索软件运营商与 Linux 变体一起使用。

我们将在留言中抽取3位幸运者，每位中奖者将会获得由GEEKCON组委会提供的免费门票1张。

Responding directly to an increased global threat environment, Fivecast launched a Discovery solution that empowers analysts and investigators across both the Government and Corporate sectors to uncover intelligence insights faster to help protect communities and businesses. Fivecast Discovery automates and accelerates the processes of digital footprinting, information verification and identity resolution. These capabilities significantly enhance the crucial initial stages of intelligence investigations which can typically be impeded by huge data volumes, complex threats and resource … More →

The post Fivecast Discovery drives better analytical outputs appeared first on Help Net Security.

Федеральные агентства получили строгие сроки для устранения киберугроз.

CISA has observed cyber threat actors leveraging unencrypted persistent cookies managed by the F5 BIG-IP Local Traffic Manager (LTM) module to enumerate other non-internet facing devices on the network. F5 BIG-IP is a suite of hardware and software solutions designed to manage and secure network traffic. A malicious cyber actor could leverage the information gathered from unencrypted persistence cookies to infer or identify additional network resources and potentially exploit vulnerabilities found in other devices present on the network.  
 

CISA urges organizations to encrypt persistent cookies employed in F5 BIG-IP devices and review the following article for details on how to configure the BIG-IP LTM system to encrypt HTTP cookies. Additionally, F5 has developed an iHealth heuristic to detect and alert customers when cookie persistence profiles do not have encryption enabled. BIG-IP iHealth is a diagnostic tool that "evaluates the logs, command output, and configuration of a BIG-IP system against a database of known issues, common mistakes, and published F5 best practices" to help users verify the optimal operation of their BIG-IP systems.

CISA released twenty-one Industrial Control Systems (ICS) advisories on October 10, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

• ICSA-24-284-01 Siemens SIMATIC S7-1500 and S7-1200 CPUs
• ICSA-24-284-02 Siemens Simcenter Nastran
• ICSA-24-284-03 Siemens Teamcenter Visualization and JT2Go
• ICSA-24-284-04 Siemens SENTRON PAC3200 Devices
• ICSA-24-284-05 Siemens Questa and ModelSim
• ICSA-24-284-06 Siemens SINEC Security Monitor
• ICSA-24-284-07 Siemens JT2Go
• ICSA-24-284-08 Siemens HiMed Cockpit
• ICSA-24-284-09 Siemens PSS SINCAL
• ICSA-24-284-10 Siemens SIMATIC S7-1500 CPUs
• ICSA-24-284-11 Siemens RUGGEDCOM APE1808
• ICSA-24-284-12 Siemens Sentron Powercenter 1000
• ICSA-24-284-13 Siemens Tecnomatix Plant Simulation
• ICSA-24-284-14 Schneider Electric Zelio Soft 2
• ICSA-24-284-15 Rockwell Automation DataMosaix Private Cloud
• ICSA-24-284-16 Rockwell Automation DataMosaix Private Cloud
• ICSA-24-284-17 Rockwell Automation Verve Asset Manager
• ICSA-24-284-18 Rockwell Automation Logix Controllers
• ICSA-24-284-19 Rockwell Automation PowerFlex 6000T
• ICSA-24-284-20 Rockwell Automation ControlLogix
• ICSA-24-284-21 Delta Electronics CNCSoft-G2

CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.

The Baldrige Award was redesigned earlier this year to focus on organizational resilience.