Aggregator

A vulnerability was found in Progress OpenEdge up to 11.7.18/12.2.14/12.8.1. It has been rated as problematic. Affected by this issue is some unknown functionality of the component ActiveMQ Discovery Service. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-7654. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

Researchers say password reset attacks have grown fourfold in the last year and one in four password reset attempts are fraudulent

A vulnerability was found in Gna Beryo 2.0/2.4. It has been classified as problematic. This affects an unknown part of the file downloadpic.php. The manipulation of the argument chemin leads to path traversal. This vulnerability is uniquely identified as CVE-2007-1929. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

惠普在 2011 年以 110 亿美元收购了英国软件公司 Autonomy，第二年就减记 88 亿美元，惠普随后指控Autonomy 存在严重会计违规操作行为。公司创始人 Mike Lynch 以及财务副总裁 Steve Chamberlain 都受到欺诈指控。但上个月两位被告先后因意外事故死亡。惠普企业（HPE）现在确认将继续推进这起欺诈诉讼。它寻求索赔 40 亿美元，它于 2022 年在英国高等法院赢得了对 Lynch 的民事诉讼，但审理此案的法官表示最终赔偿金额将大幅低于索赔金额。

A vulnerability classified as critical has been found in Atlassian FishEye up to 1.6.5.x. This affects an unknown part of the component Capabilities. The manipulation leads to improper access controls. This vulnerability is uniquely identified as CVE-2012-2926. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

《雨中冒险（Risk of Rain）》系列游戏原开发团队 Hopoo Games 宣布它的大部分成员加入了 Valve 公司。而 Hopoo Games 本身将不复存在。《雨中冒险》IP 控制在 Gearbox 手中，预计会由 Gearbox 继续开发和维护，而由 Gearbox 开发的《雨中冒险2》扩展《风暴探寻者》受到了差评如潮的玩家评价。Valve 手中有多个游戏项目正在开发，其中之一是正在测试的 Deadlock，以及可能的《半条命》系列新作。Hopoo Games 团队可能会加入这些项目的开发。

A vulnerability was found in Adobe Acrobat Reader up to 11.0.22/2015.006.30355/2017.011.30066/2017.012.20098. It has been declared as critical. This vulnerability affects unknown code. The manipulation leads to out-of-bounds read. This vulnerability was named CVE-2017-16401. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

Authors/Presenters:Zhiyuan Zhang, Gilles Barthe, Chitchanok Chuengsatiansup, Peter Schwabe, Yuval Yarom

Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organizations strong commitment to Open Access. Originating from the conference’s events situated at the Anaheim Marriott; and via the organizations YouTube channel.

Permalink

The post USENIX Security ’23 – Ultimate SLH: Taking Speculative Load Hardening To The Next Level appeared first on Security Boulevard.

Authors/Presenters:Zhiyuan Zhang, Gilles Barthe, Chitchanok Chuengsatiansup, Peter Schwabe, Yuval Yarom

Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organizations strong commitment to Open Access. Originating from the conference’s events situated at the Anaheim Marriott; and via the organizations YouTube channel.

Permalink

The post USENIX Security ’23 – Ultimate SLH: Taking Speculative Load Hardening To The Next Level appeared first on Security Boulevard.

A vulnerability was found in Adobe Acrobat Reader up to 11.0.22/2015.006.30355/2017.011.30066/2017.012.20098. It has been classified as critical. This affects an unknown part. The manipulation leads to out-of-bounds read. This vulnerability is uniquely identified as CVE-2017-16400. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Google Chrome 4.0.249.0. It has been classified as critical. Affected is the function WebCore::CSSSelector. The manipulation leads to improper resource management. This vulnerability is traded as CVE-2010-1029. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

Новый проект DARPA разрабатывался на основе самых строгих криптографических стандартов.

Recently in our webinar series with Amazon Web Services (AWS) and Fortify by OpenText™, our third installment, "The Power of SBOMs: Regulations Looming," brought the panel together to discuss the evolving role of software bills of materials (SBOMs) amidst tightening global regulations.

The post Navigating new regulations and the role of SBOMs in software security appeared first on Security Boulevard.

U.S. oil company Halliburton disclosed a data breach following the RansomHub ransomware gang attack that occurred in August. In August, Halliburton, a major U.S. oil company, announced that a cyberattack hit its IT infrastructure, particularly impacting operations at its Houston offices. Halliburton Company is an American multinational corporation and the world’s second largest oil service company which is […]

Valve 掌机 Steam Deck 及其操作系统 SteamOS 的成功吸引了对基于 Linux 的游戏操作系统的投资。Playtron 公司正在开发基于 Fedora Silverblue 的游戏操作系统 PlaytronOS，它最近获得了日本游戏公司 Square Enix 的投资。与 SteamOS 不同之处在于它不仅集成了 Steam，还集成了其它流行客户端如 GOG 和 Epic Games。它释出的首个 Alpha 版本已在掌机 AYANEO 2、ASUS ROG Ally、GPD Win 4 (2023)、联想 Legion Go、Valve Steam Deck LCD 和 Valve Steam Deck OLED 上进行了测试。

A vulnerability was found in YaBB SE 0.8/1.4.1/1.5.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument language leads to file inclusion. This vulnerability is known as CVE-2000-1176. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

还没导入k线数据，继续在测试。

Ping Identity announced the addition of key identity capabilities to its FedRAMP High & DoD IL5 offerings. With Ping Government Identity Cloud, federal agencies and government suppliers now have access to capabilities that enable them to boost compliance, security and experiences through modernizing identity, credential and access management. Following FedRAMP High certification, DOD Impact Level 5 (IL5) authorization, and joining with ForgeRock, Ping Government Identity Cloud now offers authorized identity capabilities for multi-factor authentication (MFA), … More →

The post Ping Identity strengthens security for federal agencies and government suppliers appeared first on Help Net Security.

In a recent podcast interview with Cybercrime Magazine's host, David Braue, Scott Schober, Cyber Expert, Author of "Hacked Again," and CEO of Berkeley Varitronics Systems, discusses the July 2024 CrowdStrike outage, explaining what happened and more. 

The post Microsoft-CrowdStrike Outage Explained appeared first on Security Boulevard.

A vulnerability was found in CJmall 4.1.8. It has been rated as critical. This issue affects some unknown processing of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues. The identification of this vulnerability is CVE-2014-5855. Access to the local network is required for this attack. There is no exploit available.