Aggregator
Final Biden Cybersecurity EO Uses Federal Purchasing Power
An executive order set for publication Thursday during the final countdown of the Biden administration aims to use federal purchasing power as a main lever for coaxing the private sector into better cybersecurity. The order also strengthens sanctions authority against hackers.
Akamai API Security Release 3.41
CISA Forms Global Partnership to Protect AI Technologies
What is an Uncensored Model and Why Do I Need It
While the power and potential of GenAI are evident for IT and security, the use cases in the security field are surprisingly immature, largely due to censorship and guardrails that hamper many models’ utility for cybersecurity use cases.
The post What is an Uncensored Model and Why Do I Need It appeared first on Security Boulevard.
New Hacking Group Leaks Configuration of 15,000 Fortinet Firewalls
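16 Vulnerabilities Found at Once in Google Chrome
Security Services Visit IT Developers: SpectrumData Office Under Investigation
The Exam Prep Guide Is Here! Huawei ICT Competition Practice Competition Past-Question Analysis Book Series Published
Vertical Privilege Escalation: Is Swapping the COOKIE All You Know?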
Ready to Simplify Trust Management? Join Free Webinar to See DigiCert ONE in Action
Russians' Data in High Demand: 710 Million Records Publicly Accessible
US Clears Its Roads of Cars from China and Russia
GoDaddy Accused of Serious Security Failings by FTC
Top Digital Tools for the Classroom
Digital tools are reshaping the traditional K-12 learning experience, unleashing a wave of benefits in the process. This guide explores the significance of digital tools for the classroom and how they can support your school district in creating a dynamic, tech-enabled learning environment. The power of digital classroom technology Education technology tools are software applications, ...
The post Top Digital Tools for the Classroom appeared first on ManagedMethods Cybersecurity, Safety & Compliance for K-12.
The post Top Digital Tools for the Classroom appeared first on Security Boulevard.
FBI Deletes PlugX Malware from Thousands of Computers
CISA and Partners Release Call to Action to Close the National Software Understanding Gap
Today, CISA—in partnership with the Defense Advanced Research Projects Agency (DARPA), the Office of the Under Secretary of Defense for Research and Engineering (OUSD R&E), and the National Security Agency (NSA)—published Closing the Software Understanding Gap. This report urgently implores the U.S. government to take decisive and coordinated action.
Software understanding refers to assessing software-controlled systems across all conditions. Mission owners and operators often lack adequate capabilities for software understanding because technology manufacturers build software that greatly outstrips the ability to understand it. This gap, along with the lack of secure by design software being created by technology manufacturers, can lead to the exploitation of software vulnerabilities.
The U.S. government has engaged in activities that have paved the way toward improving software understanding, including research investments, mission agency initiatives, and policy actions. This report further explores the opportunity for enhanced coordination to strengthen technical foundations and progress towards a more vigorous understanding of software on a national scale. To learn more about development practices and principles that build cybersecurity into the design and manufacture of technology products, visit CISA’s Secure by Design webpage.
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
- CVE-2024-50603 Aviatrix Controllers OS Command Injection Vulnerability
These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.
Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
CISA Releases Twelve Industrial Control Systems Advisories
CISA released twelve Industrial Control Systems (ICS) advisories on January 16, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
- ICSA-25-016-01 Siemens Mendix LDAP
- ICSA-25-016-02 Siemens Industrial Edge Management
- ICSA-25-016-03 Siemens Siveillance Video Camera
- ICSA-25-016-04 Siemens SIPROTEC 5 Products
- ICSA-25-016-05 Fuji Electric Alpha5 SMART
- ICSA-25-016-06 Hitachi Energy FOX61x, FOXCST, and FOXMAN-UN Products
- ICSA-25-016-07 Hitachi Energy FOX61x Products
- ICSA-25-016-08 Schneider Electric Data Center Expert
- ICSA-24-058-01 Mitsubishi Electric Multiple Factory Automation Products (Update A)
- ICSA-25-010-03 Delta Electronics DRASimuCAD (Update A)
- ICSA-24-191-05 Johnson Controls Inc. Software House C●CURE 9000 (Update A)
- ICSA-24-030-02 Mitsubishi Electric FA Engineering Software Products (Update B)
CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.