Aggregator

SmokeLoader malware identified targeting Taiwanese firms via phishing, exploiting Microsoft Office vulnerabilities

In an effort to turn the tide, Mozilla is testing a fresh approach that could persuade more people to switch their default browser on Windows during the installation of the browser. [...]

Mozilla is testing a fresh approach that could persuade more people to switch their default browser on Windows. [...]

Skyflow unveiled new capabilities for Agentic AI. These allow enterprises to build and deploy AI agents with a security and privacy trust layer with features that include protecting sensitive data flowing in and out of AI agents, auditing & logging, governance, and compliance with global and regional data protection measures. There is a new ecosystem emerging for agentic apps – built on a new AI data stack. Skyflow is announcing partnerships with Databricks, the data … More →

The post Skyflow protects sensitive data flowing in and out of AI agents appeared first on Help Net Security.

叙事和有效的数据支持是项目成功的关键，Web3 讲叙事，Web2 也一样。

Microsoft is readying a new release of Windows in 2025 that will have significant security controls, such as more resilient drivers and a "self-defending" operating system kernel.

根据发表在《Science Advances》期刊上的一项研究，海洋对气候的冷却作用超过预期。生活在海洋表面的微小浮游生物会释放出气体形式的硫化物二甲基硫（dimethyl sulphide），而二甲基硫一旦进入大气会氧化形成气凝胶。气溶胶会将部分太阳辐射反射回太空，减少保留在地球上的热量。当它们形成云层时其冷却效应会放大，其作用与温室气体如二氧化碳或甲烷正好相反。这项研究突出了硫化气凝胶的作用，研究人员还强调了人类活动对气候的影响程度，如不采取行动，地球将继续暖化。

A vulnerability, which was classified as critical, was found in Moodle up to 3.11.4. Affected is an unknown function of the component h5p Activity Web Service. The manipulation leads to sql injection. This vulnerability is traded as CVE-2022-0332. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

Radiant Logic announces the expansion of its central intelligence hub solution, RadiantOne, to now include Identity Observability. Building on the identity security foundation of Identity Data Management and Identity Analytics, Identity Observability allows the world’s most complex organizations to access an intuitive map of their entire identity infrastructure with 360° continuously streaming visibility, an intelligent risk collaboration hub, and seamless AI-powered risk remediation workflows. For large organizations wrestling with identity sprawl or legacy architectures, the … More →

The post Radiant Logic provides continuous identity hygiene assessments via real-time streaming data appeared first on Help Net Security.

Ready for a more rewarding dive into your blue team investigations? Well, we have made new updates to Sherlocks that will give you momentum and a bonus to time well spent.

Компания строит глобальную независимую сеть.

Veracode announced innovations to help developers build secure-by-design software, and security teams reduce risk across their code-to-cloud ecosystem. The latest enhancements in Veracode Fix and Veracode Risk Manager, formerly known as Longbow Security, give developers the ability to build software, assess risk, and remediate at the click of a button in their preferred environment. “Six months ago, we proudly signed the Cybersecurity and Infrastructure Security Agency’s (CISA) Secure By Design pledge, which set out to … More →

The post Veracode unveils innovations for secure software development appeared first on Help Net Security.

实现效率、质量、安全的三者兼得

实现效率、质量、安全的三者兼得

A vulnerability was found in Qualcomm Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile and Snapdragon Wearables. It has been rated as critical. This issue affects some unknown processing of the component Sensor Packet Parser. The manipulation leads to use of out-of-range pointer offset. The identification of this vulnerability is CVE-2024-33036. Attacking locally is a requirement. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Qualcomm Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile and Snapdragon Wearables. Affected is an unknown function of the component NPU Firmware. The manipulation leads to buffer over-read. This vulnerability is traded as CVE-2024-33037. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Qualcomm Snapdragon Auto, Snapdragon Compute, Snapdragon Mobile and Snapdragon Wearables. Affected by this vulnerability is an unknown functionality of the component Release Command Handler. The manipulation leads to use after free. This vulnerability is known as CVE-2024-33040. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Qualcomm Snapdragon Auto and Snapdragon Wearables. Affected by this issue is some unknown functionality of the component PAL Service API. The manipulation leads to untrusted pointer dereference. This vulnerability is handled as CVE-2024-33039. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Qualcomm Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Technology and Snapdragon Wearables. This affects an unknown part of the component SMR/S2CR. The manipulation leads to improper validation of array index. This vulnerability is uniquely identified as CVE-2024-33044. Local access is required to approach this attack. There is no exploit available. It is recommended to upgrade the affected component.