Aggregator

WILMINGTON, Delaware, November 7th, 2024/Chainwire/--Rekt Brands Inc. (Rekt), the parent company beh

Also: LottieFiles Attack, Craig Wright's Contempt of Court
This week, Metawin hacks, LottieFiles attack, hackers used Ethereum smart contracts to target npm developers, Craig Wright faced contempt of court, Alameda sued KuCoin, Binance sought dismissal of a U.S. Securities and Exchange lawsuit, and Immutable received a Wells Notice.

Also: Ransomware Hackers Demand Baguettes
This week, Chinese spying, Italian hacking scandal, an FBI warning and Okta fixed a bug. Google mandated MFA, zero days in PTZOptics and a Mexican airport didn't pay ransom. Cybercriminals demanded baguettes, breach lettersin Ohio and Germany will shield white hats. The Italian DPA rebuked a bank.

Did Data Theft at Firm Also Affect Other Clients' Information?
A hacking incident at Thompson Coburn, a national law firm based in Missouri, has affected an unspecified number of patients of a healthcare sector client, Presbyterian Healthcare Services in New Mexico. But a big unanswered question is whether other clients were affected.

Noka 'Is Aware of Reports'
Finnish telecommunications equipment manufacturer Nokia is investigating the alleged posting of source code data on a criminal hacking forum. A hacker going by the handle of "IntelBroker" on Thursday posted what he said is a trove of "Nokia-related source code."

A CVSS score 7.0 AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Simon Zuckerbraun - Trend Micro Zero Day Initiative' was reported to the affected vendor on: 2024-11-08, 95 days ago. The vendor is given until 2025-03-08 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by '06fe5fd2bc53027c4a3b7e395af0b850e7b8a044' was reported to the affected vendor on: 2024-11-08, 95 days ago. The vendor is given until 2025-03-08 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative' was reported to the affected vendor on: 2024-11-08, 95 days ago. The vendor is given until 2025-03-08 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Rocco Calvi (@TecR0c) with TecSecurity' was reported to the affected vendor on: 2024-11-08, 95 days ago. The vendor is given until 2025-03-08 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Exploration of AI accelerators and their impact on deploying Large Language Models (LLMs) at scale.P

Am I Isolated is an open-source container security benchmark that probes users’ runtime environments and tests for container isolation. The Rust-based container runtime scanner runs as a container, detecting gaps in users’ container runtime isolation. It also provides guidance to improve users’ runtime environments to offer stronger isolation guarantees. “The status quo of containers is that they don’t contain. The lack of container isolation has dire consequences in a cloud native environment, including container escapes, … More →

The post Am I Isolated: Open-source container security benchmark appeared first on Help Net Security.

亚马逊正在制作基于《质量效应》系列的游戏改编电视剧，但故事核心不一定是围绕游戏主角指挥官 Shepherd，而可能是一则新故事，目前尚未确定。亚马逊今年上映的游改电视剧《辐射》大获成功。《质量效应》电视剧的编剧和执行制片人是 Daniel Casey，他最为人熟知的工作是担任《速度与激情 9：The Fast Saga》的主要编剧。另一位制片人 Karim Zreik 来自漫威电视剧部门，该部门曾为 Netflix 制作了《夜魔侠》和《Jessica Jones》。第三位制片人 Ari Arad 参与了游改电影《无主之地》和《神秘海域》，以及真人版《攻壳机动队》。

A vulnerability classified as very critical was found in Samba up to 3.6.x. This vulnerability affects the function ndr_ValidatePassword. The manipulation leads to numeric error. This vulnerability was named CVE-2012-1182. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

By Doug Milburn and Tom LawrenceIn recent years, the role of Managed Service Providers (MSPs) has r

A vulnerability was found in phpMyAdmin up to 4.0.10.11/4.4.15.1/4.5.3.0. It has been declared as problematic. This vulnerability affects unknown code of the file libraries/config/messages.inc.php of the component Error Message Handler. The manipulation leads to information disclosure. This vulnerability was named CVE-2015-8669. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a now-patched critical security flaw impacting Palo Alto Networks Expedition to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2024-5910 (CVSS score: 9.3), concerns a case of missing authentication in the Expedition migration tool that

Disclaimer: This post includes affiliate links; I may receive compensation if you purchase the book

A vulnerability was found in Linux Kernel up to 6.11.2. It has been classified as problematic. Affected is an unknown function of the component exec. The manipulation leads to Privilege Escalation. This vulnerability is traded as CVE-2024-50010. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.0.11. It has been classified as problematic. Affected is the function damon_sysfs_set_schemes. The manipulation leads to Privilege Escalation. This vulnerability is traded as CVE-2022-48996. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.