Aggregator

发表在 PNAS 期刊上的一项研究揭示了栉水母（comb jellies 或 ctenophore Mnemiopsis leidyi）具有前所未有的反向发育能力。动物的生命周期通常遵循一个熟悉的模式：出生，生长，繁殖和死亡，给下一代让路。只有少数物种能偏离这一普遍原则，最著名的例子是“永生水母”杜氏灯塔水母，它可以从成年水母变回水螅体。栉水母被发现也具有这一能力。这一发现始于一个偶然的机会。研究人员在实验室观察动物时发现，一只成年栉水母从水箱中消失了，取而代之的似乎是一只幼虫。他们设计了实验，在受控条件下重现这种逆转。当暴露在饥饿和物理损伤的压力下时，栉水母表现出了非凡的能力，能从裂片形态变回胞囊幼虫阶段。在几个星期的时间里，它们不仅重塑了形态特征，而且有了完全不同的觅食行为。

error code: 1106

A vulnerability was found in NVIDIA BlueField 1, BlueField GA, BlueField LTS22 and BlueField LTS23. It has been classified as problematic. This affects an unknown part. The manipulation leads to improper handling of insufficient privileges. This vulnerability is uniquely identified as CVE-2024-0106. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in NVIDIA ConnectX4, ConnectX4 LX, ConnectX GA, ConnectX LTS22, ConnectX LTS23, BlueField 1, BlueField GA, BlueField LTS22 and BlueField LTS23 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to improper handling of insufficient privileges. This vulnerability is handled as CVE-2024-0105. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

《国防工业战略实施计划》(NDIS-IP)，详细列出了国防部如何加强国防工业基础（由负责建造军事硬件和武器系统的各种规模的私营企业组成的集合）的优先事项，详细说明了国防部将如何实现《国家国防工业战略》中列出的四个战略重点。

The Cybersecurity and Infrastructure Security Agency (CISA) introduced its inaugural international strategic plan, a roadmap for strengthening global partnerships against cyber threats.

The post CISA Strategic Plan Targets Global Cooperation on Cybersecurity appeared first on Security Boulevard.

Windows 10 即将于 2025 年 10 月 14 日终止支持，之后微软不再提供安全更新。根据 Statcounter 的统计，截至 2024 年 10 月，Windows 10 仍然是市场占有率最高的 Windows 版本，Windows 10 占 60.97%，之后是 Win11 35.55%，Win7 2.62%，Win8.1 0.31%，WinXP 0.28%，Win8 0.19%。Windows 10 的份额在逐月下降，但到明年 10 月它的用户群仍然会十分庞大，大部分不太可能会升级到 Windows 11（该版本提升了硬件需求）。对于这些用户，微软将向他们提供一次性的为期一年的扩展安全更新，费用为 30 美元。

总结推荐了本周的热点资讯、安全事件、一周好文和省心工具，保证大家不错过本周的每一个重点！

Следы искусственного интеллекта помогают вычислить фальшивые ресурсы.

Ads are everywhere. They generate revenue for site owners and can present related content to the we

Google 通常是在每年的第三或第四季度发布 Android 的一个大版本，但计划于明年释出的 Android 16 将提前到二季度。Android 14 是在 2023 年 10 月释出，Android 15 是在 2024 年 9 月发布的，这意味着 Android 16 只间隔最多 9 个月。Google 表示要将其最新的机器学习和 AI 功能更快的提供给开发者和用户。Google Android 高管 Seang Chau 称 AI 世界的发展速度非常快。

结合当下流行的混合办公场景，与大家探讨企业零信任安全架构建设。

A vulnerability has been found in TOTOLINK LR350 up to 9.3.5u.6369 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /formLoginAuth.htm. The manipulation of the argument authCode with the input 1 leads to authorization bypass. This vulnerability is known as CVE-2024-10654. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as problematic, was found in sinatra. Affected is an unknown function of the component Header Handler. The manipulation of the argument X-Forwarded-Host leads to reliance on untrusted inputs in a security decision. This vulnerability is traded as CVE-2024-21510. It is possible to launch the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as problematic, has been found in Omron SYSMAC-SE2. This issue affects some unknown processing of the component Sysmac Studio. The manipulation leads to incorrect authorization. The identification of this vulnerability is CVE-2024-49501. The attack needs to be approached locally. There is no exploit available.

Security debt, defined for this report as flaws that remain unfixed for longer than a year, exists in 76% of organizations in the financial services sector, with 50% of organizations carrying critical security debt, according to Veracode. Financial sector apps accumulate more security debt With the average cost of a data breach in the financial industry estimated to be $6.08 million, the research comes at a critical time for one of the most highly targeted … More →

The post 50% of financial orgs have high-severity security flaws in their apps appeared first on Help Net Security.

Submit #434801 / VDB-282667

A vulnerability classified as very critical was found in Ricoh MFP. This vulnerability affects unknown code of the component Request Handler. The manipulation leads to stack-based buffer overflow. This vulnerability was named CVE-2024-47939. The attack can be initiated remotely. There is no exploit available.