Aggregator

A vulnerability has been found in Linux Kernel up to 6.6.36/6.9.7 and classified as critical. Affected by this vulnerability is the function drm_file_update_pid of the component drm_file. The manipulation leads to use after free. This vulnerability is known as CVE-2024-39486. The attack needs to be done within the local network. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.9.7. It has been rated as problematic. Affected by this issue is the function bch2_sb_downgrade_validate of the component bcachefs. The manipulation leads to algorithm downgrade. This vulnerability is handled as CVE-2024-41086. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Linux Kernel up to 6.6.40/6.9.9. Affected by this vulnerability is the function crst_table_free. The manipulation leads to null pointer dereference. This vulnerability is known as CVE-2024-42235. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Linux Kernel up to 6.9.9. Affected by this issue is some unknown functionality of the component cachestat. The manipulation leads to Privilege Escalation. This vulnerability is handled as CVE-2024-41033. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Linux Kernel up to 6.9.10. Affected by this vulnerability is the function dml2_calculate_rq_and_dlg_params of the component AMD Display. The manipulation leads to improper validation of array index. This vulnerability is known as CVE-2024-41061. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.6.38/6.9.8. It has been declared as critical. This vulnerability affects the function mtk_vcodec_mem_free of the component mediatek. The manipulation leads to null pointer dereference. This vulnerability was named CVE-2023-52888. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.9.7. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Setting Handler. The manipulation leads to insufficiently random values. This vulnerability is known as CVE-2024-42091. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.9.8. It has been classified as critical. Affected is the function dml_core_mode_programming of the component AMD Display. The manipulation leads to memory corruption. This vulnerability is traded as CVE-2024-42227. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.9.8 and classified as problematic. Affected by this issue is the function fs_bdev_thaw. The manipulation leads to denial of service. This vulnerability is handled as CVE-2024-42149. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

Making the Case for Stronger Mid-Market Cybersecurity
Cybersecurity is an ever-evolving field. Verizon's Trusted Connection provides strong, easy-to-manage security for mid-market organizations. With a focus on usability, adaptability and comprehensive protection, Trusted Connection can help safeguard your organization's operations today, and in the future.

CIO Alex Gallo on Balancing Digital Change, Security and Continuous Learning
Alex Gallo, CyberEdBoard member and CIO, shared how he drives secure digital transformation by balancing AI integration with cybersecurity, fostering a security-first culture, and emphasizing continuous learning across his teams and the organization’s leadership.

Plastic Surgeon Paid $53K Ransom But Says ‘the Real Criminal’ Is HHS
Dr. James Breit recalled the day a hacker locked up his systems with ransomware at his plastic surgery practice. He paid $53,000 in ransom. Nearly, seven years later, after paying a $500,000 HIPAA fine, Breit claims he got better treatment from the cybercriminals than he did federal regulators.

Yakabod Deal to Strengthen Everfox's Insider Risk, Cyber Incident Response Platform
With its acquisition of Yakabod, Everfox expands capabilities in insider risk and cyber incident management. The move promises stronger integration and greater control over security workflows, benefiting public sector and critical infrastructure clients who operate in highly regulated environments.

Hackers Using Password Spraying to Steal User Microsoft Account Credentials
Multiple Chinese hacking groups are using a botnet named for a TCP routing port number to conduct password spraying attacks, warned Microsoft Thursday. The Quad7 operators are almost certainly located in China. Botnet activity can be difficult to monitor.

扫码订阅《中国信息安全》邮发代号 2-786征订热线：010-82341063文 | 西南民族大学国家安全与区域发展研究院研究员 常华仁；西南民族大学国家安全与区域发展研究院名誉院长 曾明未成年人健

扫码订阅《中国信息安全》邮发代号 2-786征订热线：010-823410632024年10月4日，欧盟法院对“MS诉M公司案”作出判决。欧盟法院明确，社交网络平台运营商在处理用户的个人数据以用于向

扫码订阅《中国信息安全》邮发代号 2-786征订热线：010-82341063传统的网络犯罪形态随着互联网、物联网、大数据、人工智能等技术的快速更迭发生嬗变，利用计算机技术和互联网平台进行犯罪活动的

扫码订阅《中国信息安全》邮发代号 2-786征订热线：010-82341063文 | 清华大学公共管理学院教授 孟庆国“指尖上的形式主义”是指形式主义在数字化背景下的新变种，它增加了基层行政人员和群

扫码订阅《中国信息安全》邮发代号 2-786征订热线：010-82341063文 | 复旦大学国际关系与公共事务学院数字与移动治理实验室主任、教授 郑磊公共数据资源具有巨大的开发利用潜力，而要想让公