Aggregator

Former President’s Win Could Bring Major Changes to U.S. Cyber Policy, Experts Say
Republican Donald Trump's return to the White House in January could bring significant changes to technology and cybersecurity policy in the United States, potentially reshaping federal approaches to AI regulation, industry investment and national security against rising digital threats.

Purchasing Israeli Startup Will Expand SaaS Security and Identity Threat Protection
CrowdStrike has agreed to acquire SaaS security leader Adaptive Shield to deliver identity-based protection across cloud and hybrid environments. The acquisition offers clients comprehensive SaaS security posture management, bridging on-premises and cloud identity defenses to thwart modern threats.

Microsoft has started testing AI-powered Notepad text rewriting and Paint image generation tools four decades after the two programs were released in the 1980s. [...]

A vulnerability classified as critical was found in Apple Mac OS X up to 10.11.4. This vulnerability affects unknown code of the component libc. The manipulation leads to memory corruption. This vulnerability was named CVE-2016-1832. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

In today’s data-driven landscape, sensitive information—like PII (Personally Identifiable Information), PHI (Protected Health Information), and PCI (Payment Card Information)—sprawls across enterprise systems. For data teams, keeping tabs on this data has become a formidable task. Sensitive data discovery, the process of locating, classifying, and securing this information, is no longer optional. But with sensitive data […]

The post Sensitive Data Discovery for Enterprises: Turning Data Chaos into Compliance first appeared on Accutive Security.

The post Sensitive Data Discovery for Enterprises: Turning Data Chaos into Compliance appeared first on Security Boulevard.

Google Cloud says it is taking a phased approach to making MFA mandatory for all users by the end of 2025 to help bolster the cyber-protections against increasingly sophisticated cyberattacks.

The post Google Cloud: MFA Will Be Mandatory for All Users in 2025 appeared first on Security Boulevard.

EvilMorocco Hacktivism Allegedly Leaked Data of Ministry of Health of Algeria

A vulnerability classified as critical was found in Guangzhou Tuchuang Computer Software Development Interlib Library Cluster Automation Management System up to 2.0.1. This vulnerability affects unknown code of the file /interlib/order/BatchOrder?cmdACT=admin_order&xsl=adminOrder_OrderList.xsl. The manipulation of the argument bookrecno leads to sql injection. This vulnerability was named CVE-2024-10947. The attack can be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as critical has been found in Guangzhou Tuchuang Computer Software Development Interlib Library Cluster Automation Management System up to 2.0.1. This affects an unknown part of the file /interlib/admin/SysLib?cmdACT=inputLIBCODE&mod=batchXSL&xsl=editLIBCODE.xsl&libcodes=&ROWID=. The manipulation of the argument sql leads to sql injection. This vulnerability is uniquely identified as CVE-2024-10946. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in Mozilla Firefox up to 125. It has been rated as problematic. Affected by this issue is some unknown functionality of the component iFrame Handler. The manipulation leads to denial of service. This vulnerability is handled as CVE-2024-10941. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

Submit #434450 / VDB-283366

Submit #434449 / VDB-283365

Interpol disrupts 22,000 malicious IP addresses, 59 servers, 43 electronic devices, and arrests 41 suspected cybercriminals.

Georgia, a ransomware attack disrupted Memorial Hospital and Manor’s access to its Electronic Health Record system. A ransomware attack hit Memorial Hospital and Manor in Bainbridge, Georgia, and disrupted the access to its Electronic Health Record system. Memorial Hospital and Manor is a community hospital and healthcare facility that serves Decatur County and surrounding areas […]

A vulnerability was found in RabbitMQ Server. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to improper access controls. This vulnerability is known as CVE-2024-51988. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in capricorn86 happy-dom up to 15.10.1. It has been classified as critical. Affected is an unknown function. The manipulation leads to code injection. This vulnerability is traded as CVE-2024-51757. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Gradio up to 5.4.x and classified as critical. This issue affects some unknown processing of the component File/UploadButton. The manipulation leads to path traversal. The identification of this vulnerability is CVE-2024-51751. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in twigphp Twig up to 3.11.1/3.14.0 and classified as problematic. This vulnerability affects the function __isset. The manipulation leads to exposure of resource. This vulnerability was named CVE-2024-51755. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in twigphp Twig up to 3.11.1/3.14.0. This affects the function __toString. The manipulation leads to exposure of resource. This vulnerability is uniquely identified as CVE-2024-51754. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.