Aggregator
CVE-2015-0565 | DRAM PTE Rowhammer privileges management (EDB-36310 / XFDB-101427)
1 year 4 months ago
A vulnerability, which was classified as very critical, has been found in DRAM. Affected by this issue is some unknown functionality of the component PTE Handler. The manipulation leads to improper privilege management (Rowhammer).
This vulnerability is handled as CVE-2015-0565. The attack may be launched remotely. Furthermore, there is an exploit available. This vulnerability has a historic impact due to its background and reception.
It is recommended to apply the suggested workaround.
vuldb.com
Onapsis Expands Code Security Capabilities to Accelerate and De-Risk SAP BTP Development Projects
1 year 4 months ago
CVE-2024-11674 | CodeAstro Hospital Management System 1.0 his_doc_update-account.php doc_dpic unrestricted upload
1 year 4 months ago
A vulnerability, which was classified as critical, was found in CodeAstro Hospital Management System 1.0. Affected is an unknown function of the file /backend/doc/his_doc_update-account.php. The manipulation of the argument doc_dpic leads to unrestricted upload.
This vulnerability is traded as CVE-2024-11674. It is possible to launch the attack remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2024-11703 | Mozilla Firefox up to 132 on Android improper authentication (Nessus ID 211873)
1 year 4 months ago
A vulnerability classified as problematic has been found in Mozilla Firefox up to 132 on Android. Affected is an unknown function. The manipulation leads to improper authentication.
This vulnerability is traded as CVE-2024-11703. It is possible to launch the attack on the physical device. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
Ransomware-hit vodka maker Stoli files for bankruptcy in the United States
1 year 4 months ago
Wyden and Schmitt Call for Investigation of Pentagon's Phone Systems
1 year 4 months ago
Vulnerabilities in ICS: A Detailed Analysis of Recent Security Advisories and Threats
1 year 4 months ago
Australia’s ACSC and ASD Team Up with CISA, NSA, FBI, and International Allies to Protect Communications Infrastructure
1 year 4 months ago
Chinese-Made LiDAR Systems a National Security Risk, Think Tank Says
1 year 4 months ago
U.S. Offered $10M for Hacker Just Arrested by Russia
1 year 4 months ago
CISA Issues Guidance to Telecom Sector on Salt Typhoon Threat
1 year 4 months ago
Individuals concerned about the privacy of their communications should consider using encrypted messaging apps and encrypted voice communications, CISA and FBI officials say.
Jai Vijayan, Contributing Writer
AI in Cybersecurity: Insights from Palo Alto Networks Unit 42®
1 year 4 months ago
AI is reshaping the fight against digital threats. Learn how attackers are using AI to supercharge malware and social engineering—and how organizations can harness it to predict, detect, and stop cyberattacks in their tracks.
World Wide Work: Landing a Cybersecurity Career Overseas
1 year 4 months ago
Tips for Finding and Getting Security Jobs in a Global Market
Organizations ranging from multinational corporations to government agencies and international nonprofits require cybersecurity expertise. These roles often include exciting opportunities for travel or relocation, making them an attractive path for professionals ready to take their careers global.
How Hackers Can Manipulate AI to Affect Health App Accuracy
1 year 4 months ago
Hackers can potentially use AI to manipulate data that's generated and shared by some health apps, diminishing the data's accuracy and integrity, said Sina Yazdanmehr and Lucian Ciobotaru of cybersecurity firm Aplite, describing a recent research project involving Google Health Connect.
OnDemand | How to Build Cyber Resilience with Proactive Incident Response Strategies
1 year 4 months ago
Regulator Accuses AI Video Firm of Deceptive Marketing
1 year 4 months ago
IntelliVision Settles With Federal Trade Commission Over Facial Recognition Claims
Facial recognition software maker IntelliVision has reached a settlement with the U.S. Federal Trade Commission after the regulator accused the AI-powered software vendor of deceptive marketing claims, including that its tools have "zero gender or racial bias" and market-leading levels of accuracy.
Bug Bounties: Bringing Hackers and Manufacturers Together
1 year 4 months ago
Researcher Lennert Wouters on Benefits of Device Hacking Contests, Collaboration
Lennert Wouters, a researcher at KU Leuven University in Belgium, has spent the past eight years studying embedded security, analyzing the vulnerabilities of everyday devices and commercial products. He shares his greatest hacks and insights on hardware security industry trends.
Police Shutter Largest German-Speaking Criminal Marketplace
1 year 4 months ago
Crimenetwork Served as a Platform for Illegal Goods and Services
German police arrested the suspected administrator of the largest German-speaking underground market for illegal goods and services. Crimenetwork, online since 2012, was used to sell stolen data, drugs and forged documents. The platform had more than 100,000 users and 100 sellers.
US FTC Cracks Down Geolocation Data Brokers
1 year 4 months ago
Gravy Analytics and Mobilewalla Ordered to Implement Stronger Consent Measures
Two data brokers pledged to stop using geolocation data gleaned from smartphones to sell services that provide a window to the intimate lives of Americans. "Surreptitious surveillance by data brokers undermines our civil liberties," a U.S. Federal Trade Commission official said.