Aggregator

A vulnerability was found in Oracle Communications Billing and Revenue Management up to 12.0.0.8.0/15.0.0.0.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Platform. The manipulation leads to integer overflow. This vulnerability is known as CVE-2023-37536. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in Oracle Communications Convergent Charging Controller up to 12.0.6.0.0/6.0.1.0.0. It has been rated as critical. Affected by this issue is some unknown functionality of the component Common Functions. The manipulation leads to integer overflow. This vulnerability is handled as CVE-2023-37536. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in Oracle Database Server 11.2.0.4/12.1.0.2/12.2.0.1/18c/19c. It has been rated as critical. Affected by this issue is some unknown functionality of the component bzip2. The manipulation leads to out-of-bounds write. This vulnerability is handled as CVE-2019-12900. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in bzip2 up to 1.0.6. It has been classified as critical. Affected is the function BZ2_decompress of the file decompress.c. The manipulation leads to out-of-bounds write. This vulnerability is traded as CVE-2019-12900. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability, which was classified as critical, has been found in Apple Mac OS X up to 10.11.4. Affected by this issue is some unknown functionality of the component MapKit. The manipulation leads to improper access controls. This vulnerability is handled as CVE-2016-1842. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

Google Cloud will take a phased approach to make multifactor authentication mandatory for all users.

The draft amendment also includes prison time for those who access systems to maliciously spy or intercept data.

SANS's "2024 State of ICS.OT Cybersecurity report" highlights the most common types of attack vectors used against ICT/OT networks.

Hackers are increasingly targeting Windows users with the malicious Winos4.0 framework, distributed via seemingly benign game-related apps. [...]

A vulnerability was found in novell Iprint Open Enterprise Server 2. It has been rated as critical. Affected by this issue is some unknown functionality. The manipulation leads to memory corruption. This vulnerability is handled as CVE-2010-4328. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

As the use of open source software (OSS) continues to grow, so do the challenges around maintaining security and efficiency in software dependency management.

The post Optimizing efficiency and reducing waste in open source software management appeared first on Security Boulevard.

A vulnerability has been found in Apple iOS up to 9.3.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component libc. The manipulation leads to memory corruption. This vulnerability is known as CVE-2016-1832. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

Purchasing Israeli Startup Will Expand SaaS Security and Identity Threat Protection
CrowdStrike has agreed to acquire SaaS security leader Adaptive Shield to deliver identity-based protection across cloud and hybrid environments. The acquisition offers clients comprehensive SaaS security posture management, bridging on-premises and cloud identity defenses to thwart modern threats.

Security Professionals Must Continually Hone Technical and Communication Skills
In cybersecurity, there's no such thing as "done learning." The field's dynamic nature - driven by rapid technological advances and evolving threats - demands that professionals stay adaptable and proactive. It's essential for staying relevant, effective and prepared for what's next.

Burning Issues Include Russian Hacking, China's Hitting Critical Infrastructure
Four years since Trump's last term, the cyber picture looks - in many ways - markedly different. How will the incoming administration tackle Russian disinformation and cyber operations against NATO, rampant Chinese cyber espionage, and cybercriminals and ransomware continuing to disrupt businesses?

CyberEspionage 'Salt Typhoon' Operation Infiltrated Telcos' Infrastructure
The impact of a major U.S. national security breach attributed to China reportedly continues to expand, as investigators probe the infiltration of telecommunications infrastructure and eavesdropping on national security and policymaking officials' mobile phone communications.

Former President’s Win Could Bring Major Changes to U.S. Cyber Policy, Experts Say
Republican Donald Trump's return to the White House in January could bring significant changes to technology and cybersecurity policy in the United States, potentially reshaping federal approaches to AI regulation, industry investment and national security against rising digital threats.

Purchasing Israeli Startup Will Expand SaaS Security and Identity Threat Protection
CrowdStrike has agreed to acquire SaaS security leader Adaptive Shield to deliver identity-based protection across cloud and hybrid environments. The acquisition offers clients comprehensive SaaS security posture management, bridging on-premises and cloud identity defenses to thwart modern threats.

Microsoft has started testing AI-powered Notepad text rewriting and Paint image generation tools four decades after the two programs were released in the 1980s. [...]