Aggregator

How we scaled AI Gateway to handle and store billions of requests, using Cloudflare Workers, D1, Durable Objects, and R2.

A recent alert jointly issued by a myriad of governmental agencies including CISA, FBI, EPA, DOE, NSA and NCSC-UK has spotlighted activities by Russians targeting U.S. and European critical infrastructure.

The post Strengthening Critical Infrastructure Defense: Shifting to an Exposure Management Mindset appeared first on Security Boulevard.

The SEC fined Unisys, Avaya, Check Point, and Mimecast millions of dollars for disclosures in the wake of the high-profile SolarWinds data breach that intentionally mislead investors and downplayed the impact the supply chain attack had on them.

The post SEC Fines Four Tech Firms for Downplaying SolarWinds Impacts appeared first on Security Boulevard.

Cisco on Wednesday said it has released updates to address an actively exploited security flaw in its Adaptive Security Appliance (ASA) that could lead to a denial-of-service (DoS) condition. The vulnerability, tracked as CVE-2024-20481 (CVSS score: 5.8), affects the Remote Access VPN (RAVPN) service of Cisco ASA and Cisco Firepower Threat Defense (FTD) Software. Arising due to resource

Ученые перекраивают историю Шелкового пути.

Home业界消息Perplexity 正式发布 macOS 客户端｜基于 AI 的对话式搜索引擎

История одной уязвимости от приватных писем к официальному раскрытию.

PRIMA может спасти миллионы от полной слепоты.

Cisco released its October 2024 Semiannual Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication to address vulnerabilities in Cisco ASA, FMC, and FTD. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.   

CISA encourages users and administrators to review the following advisory and apply the necessary updates:  

• Cisco Event Response: October 2024 Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication

Today, CISA—along with U.S. and international partners—released joint guidance, Safe Software Deployment: How Software Manufacturers Can Ensure Reliability for Customers. This guide aids software manufacturers in establishing secure software deployment processes to help ensure software is reliable and safe for customers. Additionally, it offers guidance on how to deploy in an efficient manner as part of the software development lifecycle (SDLC).

A well-designed software deployment process can help guarantee customers receive new features, security, and reliability while minimizing unplanned outages. 

CISA encourages software and service manufacturers review this guide, evaluate their software deployment processes, and address them through a continuous improvement program.

To learn more about secure by design principles and practices, visit CISA’s Secure by Design webpage.

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

• CVE-2024-20481 Cisco ASA and FTD Denial-of-Service Vulnerability
• CVE-2024-37383 RoundCube Webmail Cross-Site Scripting (XSS) Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

CISA released four Industrial Control Systems (ICS) advisories on October 24, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

• ICSA-24-298-01 VIMESA VHF/FM Transmitter Blue Plus
• ICSA-24-298-02 iniNet Solutions SpiderControl SCADA PC HMI Editor
• ICSA-24-298-03 Deep Sea Electronics DSE855
• ICSA-24-268-06 OMNTEC Proteus Tank Monitoring (Update A)

CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.

October 24, 2024Over on YouTube Amateur Radio VK3YE has uploaded a video showing his 'HF Help

A vulnerability was found in Apache Syncope up to 2.1.14/3.0.8 and classified as problematic. This issue affects some unknown processing of the component Console. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-45031. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Zoho ManageEngine ADAudit Plus up to 8120 and classified as critical. This vulnerability affects unknown code of the component Technician Reports. The manipulation leads to sql injection. This vulnerability was named CVE-2024-5608. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Schema & Structured Data for WP & AMP Plugin up to 1.3.5 on WordPress. This affects an unknown part. The manipulation leads to missing authorization. This vulnerability is uniquely identified as CVE-2024-49683. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in smp7 Simple Membership Plugin up to 4.5.3 on WordPress. Affected by this issue is some unknown functionality. The manipulation leads to open redirect. This vulnerability is handled as CVE-2024-49682. The attack may be launched remotely. There is no exploit available.

Как новая технология поможет отражать атаки неприятелей на авиацию?

融车、0首付购车、买车套现套路满满，汽车贷款欺诈日益猖狂，威胁猎人揭露车贷欺诈黑色产业链，为金融机构贷款风控策略提供参考意见。

CISA宣布了一项史无前例的，极为严苛的数据安全规定，旨在防止“敌对国家”获取美国政府和公民敏感数据。