Aggregator

A vulnerability was found in phpBG and classified as critical. Affected by this issue is some unknown functionality of the file intern/config/forum.php. The manipulation of the argument rootdir leads to improper input validation. This vulnerability is handled as CVE-2007-4636. The attack may be launched remotely. Furthermore, there is an exploit available.

Платформа отказалась удалять почти все материалы по запросу регулятора.

Venafi introduced new product capabilities in its Control Plane for Machine Identities. This latest version of the Venafi Control Plane will enable security and platform teams to address the most critical machine identity security challenges and help future-proof their organizations, including post-quantum readiness, cloud-to-cloud connectivity and workload identity security. “As today’s security landscape continues to rapidly evolve with multi-cloud and post-quantum readiness as key concerns, security professionals and developers alike are faced with new, emerging … More →

The post Venafi helps organizations solve more machine identity security problems appeared first on Help Net Security.

Organizations looking to maximize their security posture will find AI a valuable complement to existing people, systems, and processes.

Email Security / VulnerabilityCybersecurity researchers are warning about active exploitation atte

Как «зелёный мессенджер» отстаивает права пользователей на конфиденциальность?

A vulnerability was found in Wireshark 3.6.0. It has been classified as problematic. This affects an unknown part of the component Kafka Dissector. The manipulation leads to denial of service. This vulnerability is uniquely identified as CVE-2021-4190. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability has been found in Wireshark up to 3.4.11/3.6.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component CSN.1 Dissector. The manipulation leads to denial of service. This vulnerability is known as CVE-2022-0582. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in Linux Kernel up to 6.1.92/6.6.32/6.8.11/6.9.2 and classified as critical. Affected by this issue is the function rcu_dereference_protected in the library net/bridge/br_private.h. The manipulation leads to use after free. This vulnerability is handled as CVE-2024-36979. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

Metomic released its Data Classification solution, making it possible to discover, classify and secure sensitive data at scale across Google Workspaces. Metomic’s latest innovation is an AI-powered tool that automates complex data management workflows, enabling IT and security teams to maintain control of their data while also ensuring data compliance across cloud-based storage and SaaS environments. Without accurate data classification, businesses can’t prioritize risk, address vulnerabilities or implement effective security measures at scale downstream. With … More →

The post Metomic Data Classification automates complex data management workflows appeared first on Help Net Security.

The Rhadamanthys information stealer has been upgraded with advanced features, including the use of artificial intelligence (AI) for optical character recognition (OCR). Researchers at the Recorded Future’s Insikt group have documented the evolution of the Rhadamanthys info stealer. The malware was first identified in 2022, and since then it has been upgraded with advanced features, […]

A vulnerability, which was classified as critical, was found in brainabundance brain abundance info 0.1. This affects an unknown part of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues. This vulnerability is uniquely identified as CVE-2014-7328. The attack needs to be initiated within the local network. There is no exploit available.

Раскрыта схема обмана американцев индийскими колл-центрами.

Supply Chain Attack / CryptocurrencyA new set of malicious packages has been unearthed in the Pyth

PlexTrac announced significant enhancements to its platform. These updates are designed to help enterprises and security service providers harness proactive security by offering business context, automating risk scoring to focus on what matters most, streamlining remediation workflows with event-driven interoperability, and measuring the effectiveness of proactive security measures in mitigating risk over time. These new capabilities allow customers and partners to make significant strides in automating the Continuous Threat Exposure Management (CTEM) lifecycle as part … More →

The post PlexTrac unveils new capabilities to prioritize proactive security remediation appeared first on Help Net Security.

Concentric AI announced an AI-based DSPM functionality that identifies data access and activity risk from Copilot requests. With this launch, enterprises can now for leverage AI-driven DSPM to track, monitor and seamlessly enforce access governance around Copilot activity and abnormal user requests, as well as remediate those scenarios to prevent data loss. “Enterprises looking to roll out Copilot are worried that sensitive data can be accessed inappropriately by end users from all of these interactions,” … More →

The post Concentric AI helps monitor and remediate risky Copilot activity appeared first on Help Net Security.

Свобода слова против организованной преступности - кто победит?

A vulnerability classified as very critical has been found in Adobe Flash Player up to 11.2.202.632/18.0.0.366/22.0.0.211. Affected is an unknown function. The manipulation leads to use after free. This vulnerability is traded as CVE-2016-6930. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.