Aggregator

阿里云先知灯塔系列城市安全沙龙第六场-北京站将于11月8日至11月9日在北京北邮科技大厦举办。11月9日上午场是先知安全沙龙星地融合网络安全研讨会（议题敬请期待，本周内发布），下午场是先知安全沙龙北京

A vulnerability has been found in Oracle Communications Cloud Native Core Security Edge Protection Proxy 22.1.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the component SEPP. The manipulation leads to denial of service. This vulnerability is known as CVE-2022-0778. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Oracle Communications Cloud Native Core Unified Data Repository 22.2.0. Affected is an unknown function of the component UDR. The manipulation leads to denial of service. This vulnerability is traded as CVE-2022-0778. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Oracle Communications Core Session Manager 8.2.5/8.4.5. Affected by this vulnerability is an unknown functionality of the component Security. The manipulation leads to denial of service. This vulnerability is known as CVE-2022-0778. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Oracle Communications Operations Monitor 4.3/4.4/5.0. Affected by this issue is some unknown functionality of the component Mediation Engine. The manipulation leads to denial of service. This vulnerability is handled as CVE-2022-0778. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Apple macOS up to 12.3. It has been rated as problematic. Affected by this issue is some unknown functionality of the component LibreSSL. The manipulation leads to denial of service. This vulnerability is handled as CVE-2022-0778. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Apple macOS up to 12.3. This vulnerability affects unknown code of the component OpenSSL. The manipulation leads to denial of service. This vulnerability was named CVE-2022-0778. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Oracle MySQL Connectors up to 8.0.28 and classified as critical. Affected by this issue is some unknown functionality of the component Connector/C++. The manipulation leads to denial of service. This vulnerability is handled as CVE-2022-0778. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Oracle MySQL Connectors up to 8.0.28. It has been classified as critical. This affects an unknown part of the component Connector/ODBC. The manipulation leads to denial of service. This vulnerability is uniquely identified as CVE-2022-0778. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Oracle MySQL Enterprise Monitor up to 8.0.29. It has been rated as critical. This issue affects some unknown processing of the component Monitoring. The manipulation leads to denial of service. The identification of this vulnerability is CVE-2022-0778. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Oracle MySQL Server up to 5.7.37/8.0.28. Affected by this vulnerability is an unknown functionality of the component Packaging. The manipulation leads to denial of service. This vulnerability is known as CVE-2022-0778. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Oracle MySQL Workbench up to 8.0.28. Affected by this issue is some unknown functionality of the component libssh. The manipulation leads to denial of service. This vulnerability is handled as CVE-2022-0778. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in OpenSSL up to 1.0.2zc/1.1.1m/3.0.1. This affects the function BN_mod_sqrt of the component Non-prime Moduli Handler. The manipulation leads to infinite loop. This vulnerability is uniquely identified as CVE-2022-0778. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Oracle GraalVM Enterprise Edition 20.3.5/21.3.1/22.0.0.2. It has been classified as critical. This affects an unknown part of the component Node. The manipulation leads to denial of service. This vulnerability is uniquely identified as CVE-2022-0778. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

Strategies for Safeguarding Data and Reputation at Financial Institutions
In today's increasingly digital world, trust isn't always easy to come by. Businesses no longer have complete control over their technology stack. Instead, they rely heavily on third-party solutions, applications and products to keep operations running smoothly. But those third parties pose risks.

When a large hospital in an urban area is shut down by ransomware, the disruption can be significant, but when a rural hospital faces a similar cyber outage, the impact on patient safety and the community can be extreme, said Nitin Natarajan of the Cybersecurity and Infrastructure Security Agency.

Academics Build AI Agent With OpenAI to Execute Phone Scams at Scale
Hackers can use OpenAI's real-time voice API to carry out for less than a dollar deepfake scams involving voice impersonations of government officials or bank employees to swindle victims, said researchers at the University of Illinois Urbana-Champaign.

Forrester's Cody Scott on Why 2025 Will Be Pivotal for Security Leaders
Forrester's 2025 Predictions for Cybersecurity, Risk and Privacy report forecasts that security leaders will scale back generative AI investments by 10%. AI productivity gains have fallen short of expectations, forcing CISOs to reprioritize budgets and reassess gen AI’s role in security operations.

Series D Funding on $4.2B Valuation to Support OT, Medical Device Security Growth
Armis has closed a $200 million Series D funding round on a $4.2 billion valuation to drive growth in cyber exposure management with a focus on acquisitions and federal expansion. CEO Yevgeny Dibrov says the funds will accelerate Armis' work in operational technology and medical device security.