Aggregator

A vulnerability was found in Linux Kernel and classified as critical. This issue affects some unknown processing of the file arch/x86/entry/entry_64.S of the component NMI Handler. The manipulation leads to improper access controls. The identification of this vulnerability is CVE-2015-3290. Local access is required to approach this attack. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in ISC DHCP 2.0/3.0/3.1/4.0/4.1.0. It has been rated as very critical. Affected by this issue is the function script_write_params of the file client/dhclient.c of the component DHCP Server. The manipulation leads to memory corruption. This vulnerability is handled as CVE-2009-0692. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added multiple security flaws affecting products from Zyxel, North Grid Proself, ProjectSend, and CyberPanel to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The list of vulnerabilities is as follows - CVE-2024-51378 (CVSS score: 10.0) - An incorrect default permissions

A vulnerability has been found in Red Hat Linux 6.0/6.1/6.2 and classified as critical. This vulnerability affects unknown code of the file pam_console of the component PAM Module. The manipulation leads to improper privilege management. This vulnerability was named CVE-2000-0378. The attack needs to be approached locally. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

Police records show ShotSpotter is wildly inaccurate in New York City

In this Help Net Security interview, Piotr Kijewski, CEO of The Shadowserver Foundation, discusses the organization’s mission to enhance internet security by exposing vulnerabilities, malicious activity, and emerging threats. Kijewski explains the foundation’s automated efforts to track and disrupt cybercrime, while providing support to law enforcement and offering capacity-building services globally. Could you provide an overview of the Shadowserver Foundation’s mission and approach to securing the internet? The Shadowserver Foundation’s mission is to make the … More →

The post How the Shadowserver Foundation helps network defenders with free intelligence feeds appeared first on Help Net Security.

Tips for Finding and Getting Security Jobs in a Global Market
Organizations ranging from multinational corporations to government agencies and international nonprofits require cybersecurity expertise. These roles often include exciting opportunities for travel or relocation, making them an attractive path for professionals ready to take their careers global.

Hackers can potentially use AI to manipulate data that's generated and shared by some health apps, diminishing the data's accuracy and integrity, said Sina Yazdanmehr and Lucian Ciobotaru of cybersecurity firm Aplite, describing a recent research project involving Google Health Connect.

Crimenetwork Served as a Platform for Illegal Goods and Services
German police arrested the suspected administrator of the largest German-speaking underground markets for illegal goods and services. Crimenetwork, online since 2012, was used to sell stolen data, drugs and forged documents. The platform had more than 100,000 users and 100 sellers.

Gravy Analytics and Mobilewalla Ordered to Implement Stronger Consent Measures
Two data brokers pledged to stop using geolocation data gleaned from smartphones to sell services that provide a window to the intimate lives of Americans. "Surreptitious surveillance by data brokers undermines our civil liberties," an U.S. Federal Trade Commission official said.

Privacy Advocates Warn of Risks from Expanding DHS Use of AI and Facial Recognition
The U.S. Department of Homeland Security is reportedly expanding its use of emerging surveillance tools, including drones and artificial intelligence, without proper safeguards as experts warn of potential privacy violations and risks involving facial recognition and third-party data usage.

French Police Reportedly Detain Accused Ryuk Money Launderer Ekaterina Zhdanova
An international investigation led by the U.K. busted Russian money cash-for-crypto laundering networks in an operation that's led to the arrest of 84 individuals and U.S. sanctions against others. One of the network allegedly laundered extortion money paid to the Ryuk ransomware group.

<p>From the team that brought you COFF Loader, CS-Situational-Awareness-BOF, CS-Remote-OPs-BOF, and numerous blogs on BOFs, we are excited to release our first on-demand class: Building BOFs. TrustedSec has had private…</p>

Digital Marketing: Empowering Decision-Making with AI-Driven Data Analytics

FBI shares tips on how to tackle AI-powered fraud schemes

A vulnerability, which was classified as problematic, has been found in Pensacola Web Designs Xtremeasp Photogallery 2.0. Affected by this issue is some unknown functionality of the file displaypic.asp. The manipulation of the argument catname leads to basic cross site scripting. This vulnerability is handled as CVE-2006-6936. The attack may be launched remotely. Furthermore, there is an exploit available.

Best practices suggestions: Cell phone data forensics

As the tokenized economy expands, the digital landscape is reshaped by decentralized systems and new forms of asset ownership. In this Help Net Security video, Jeremy Bradley, COO of Zama, explores the emerging privacy-preserving technologies that can help solve this challenge, focusing on Fully Homomorphic Encryption (FHE), which enables data to remain encrypted even during processing, positioning it as a potential cornerstone for secure, decentralized environments.

The post Building trust in tokenized economies appeared first on Help Net Security.

UK disrupts Russian money laundering networks used by ransomware

A vulnerability, which was classified as problematic, has been found in OpenVAS Manager up to 4.0.3. Affected by this issue is some unknown functionality of the component OMP Authentication Handler. The manipulation leads to improper authentication. This vulnerability is handled as CVE-2013-6765. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.