Aggregator

A vulnerability classified as problematic has been found in PyPA Wheel up to 0.37.1. This affects an unknown part of the component CLI. The manipulation leads to resource consumption. This vulnerability is uniquely identified as CVE-2022-40898. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in grpc and classified as problematic. This issue affects some unknown processing of the component HTTP2 Stack. The manipulation leads to expected behavior violation. The identification of this vulnerability is CVE-2023-32731. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

In this Help Net Security interview, Niv Braun, CEO at Noma Security, discusses the difficulties security teams face due to the fragmented nature of AI processes, tools, and teams across the data and AI lifecycle. Braun also shares insights on how organizations can address these challenges and improve their AI security posture. How is the growing AI model sprawl impacting governance, and what strategies are being implemented to mitigate compliance risks? The new focus on … More →

The post Securing AI’s new frontier: Visibility, governance, and mitigating compliance risks appeared first on Help Net Security.

AI chatbot provider exposes 346,000 customer files, including ID documents, resumes, and medical records

Cybersecurity researchers have called attention to a novel phishing campaign that leverages corrupted Microsoft Office documents and ZIP archives as a way to bypass email defenses. "The ongoing attack evades #antivirus software, prevents uploads to sandboxes, and bypasses Outlook's spam filters, allowing the malicious emails to reach your inbox," ANY.RUN said in a series of posts on X. The

From deals to DDoS: exploring Cyber Week 2024 Internet trends

Квантовые батареи обещают ввести новый стандарт хранения энергии.

A vulnerability, which was classified as critical, has been found in User-mode Linux 2.4.17-8. Affected by this issue is some unknown functionality of the component Kernel Address Space Handler. The manipulation leads to memory corruption. This vulnerability is handled as CVE-2002-2016. Attacking locally is a requirement. Furthermore, there is an exploit available.

Одна кибератака объединила 2 страны в борьбе с хакерами.

The geographic distribution of open-source contributions introduces geopolitical risks that organizations must urgently consider, especially with rising nation-state attacks, according to Lineaje. Open-source code risks rise with anonymous contributions Microsoft estimates that its customers face 600 million cyberattacks daily, 24% of which are nation-state attackers targeting the IT sector. With software supporting increasingly vital systems, the origin of code has become a matter of national and economic security. 34% of open-source contributions come from the … More →

The post 70% of open-source components are poorly or no longer maintained appeared first on Help Net Security.

A vulnerability, which was classified as problematic, was found in GNU binutils 2.28. Affected is the function coff_set_alignment_hook of the file coffcode.h of the component BFD Handler. The manipulation leads to improper resource management. This vulnerability is traded as CVE-2017-8421. Local access is required to approach this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in GNU binutils 2.28. Affected is the function disassemble_bytes of the file objdump.c. The manipulation as part of Binary File leads to memory corruption. This vulnerability is traded as CVE-2017-9746. It is possible to launch the attack on the local host. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in GNU binutils 2.28. This affects an unknown part of the file SHT_REL/SHR_RELA of the component BFD Library. The manipulation leads to memory corruption. This vulnerability is uniquely identified as CVE-2017-8393. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in GNU binutils 2.28 and classified as problematic. This vulnerability affects unknown code of the component _bfd_elf_large_com_section. The manipulation leads to null pointer dereference. This vulnerability was named CVE-2017-8394. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in GNU binutils 2.28. It has been classified as problematic. Affected is an unknown function of the component BFD Library. The manipulation leads to improper input validation. This vulnerability is traded as CVE-2017-8396. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in GNU binutils 2.28. Affected by this issue is the function bfd_dwarf2_find_nearest_line of the component BFD Library. The manipulation leads to null pointer dereference. This vulnerability is handled as CVE-2017-8392. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

FBI, CISA say Chinese hackers are still lurking in US telecom systems

Сектор критической инфраструктуры всё ещё недооценивает опасность киберинцидентов.

A vulnerability classified as problematic has been found in GNU glibc. This affects the function money_format. The manipulation of the argument first leads to numeric error. This vulnerability is uniquely identified as CVE-2009-4880. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.