Aggregator

A vulnerability has been found in Linux Kernel up to 5.10.226/5.15.167/6.1.112/6.6.56/6.11.3 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component imx. The manipulation leads to Privilege Escalation. This vulnerability is known as CVE-2024-50181. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Linux Kernel up to 5.15.167/6.1.112/6.6.56/6.11.3. Affected is an unknown function of the component ext4. The manipulation leads to Privilege Escalation. This vulnerability is traded as CVE-2024-50191. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

Xlight FTP Server整数溢出漏洞(CVE-2024-46483)分析与复现

A vulnerability, which was classified as problematic, has been found in Linux Kernel up to 6.6.54/6.10.13/6.11.2 on CSIPHY. This issue affects the function stop_streaming of the file drivers/media/common/videobuf2/videobuf2-core.c of the component camss. The manipulation leads to improper update of reference count. The identification of this vulnerability is CVE-2024-50175. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

In a bold move, Apple has published a draft ballot for commentary to GitHub to shorten Transport Layer Security (TLS) certificates down from 398 days to just 45 days by 2027. The Apple proposal will likely go up for a vote among Certification Authority Browser Forum (CA/B Forum) members in the upcoming months. Apple isn’t the first of the big players to suggest such a move. Last year, Google announced its intention to mandate 90-day … More →

The post Apple’s 45-day certificate proposal: A call to action appeared first on Help Net Security.

WILMINGTON, Delaware, November 7th, 2024/Chainwire/--Rekt Brands Inc. (Rekt), the parent company beh

Also: LottieFiles Attack, Craig Wright's Contempt of Court
This week, Metawin hacks, LottieFiles attack, hackers used Ethereum smart contracts to target npm developers, Craig Wright faced contempt of court, Alameda sued KuCoin, Binance sought dismissal of a U.S. Securities and Exchange lawsuit, and Immutable received a Wells Notice.

Also: Ransomware Hackers Demand Baguettes
This week, Chinese spying, Italian hacking scandal, an FBI warning and Okta fixed a bug. Google mandated MFA, zero days in PTZOptics and a Mexican airport didn't pay ransom. Cybercriminals demanded baguettes, breach lettersin Ohio and Germany will shield white hats. The Italian DPA rebuked a bank.

Did Data Theft at Firm Also Affect Other Clients' Information?
A hacking incident at Thompson Coburn, a national law firm based in Missouri, has affected an unspecified number of patients of a healthcare sector client, Presbyterian Healthcare Services in New Mexico. But a big unanswered question is whether other clients were affected.

Noka 'Is Aware of Reports'
Finnish telecommunications equipment manufacturer Nokia is investigating the alleged posting of source code data on a criminal hacking forum. A hacker going by the handle of "IntelBroker" on Thursday posted what he said is a trove of "Nokia-related source code."

A CVSS score 7.0 AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Simon Zuckerbraun - Trend Micro Zero Day Initiative' was reported to the affected vendor on: 2024-11-08, 95 days ago. The vendor is given until 2025-03-08 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by '06fe5fd2bc53027c4a3b7e395af0b850e7b8a044' was reported to the affected vendor on: 2024-11-08, 95 days ago. The vendor is given until 2025-03-08 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative' was reported to the affected vendor on: 2024-11-08, 95 days ago. The vendor is given until 2025-03-08 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Rocco Calvi (@TecR0c) with TecSecurity' was reported to the affected vendor on: 2024-11-08, 95 days ago. The vendor is given until 2025-03-08 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Exploration of AI accelerators and their impact on deploying Large Language Models (LLMs) at scale.P

Am I Isolated is an open-source container security benchmark that probes users’ runtime environments and tests for container isolation. The Rust-based container runtime scanner runs as a container, detecting gaps in users’ container runtime isolation. It also provides guidance to improve users’ runtime environments to offer stronger isolation guarantees. “The status quo of containers is that they don’t contain. The lack of container isolation has dire consequences in a cloud native environment, including container escapes, … More →

The post Am I Isolated: Open-source container security benchmark appeared first on Help Net Security.

亚马逊正在制作基于《质量效应》系列的游戏改编电视剧，但故事核心不一定是围绕游戏主角指挥官 Shepherd，而可能是一则新故事，目前尚未确定。亚马逊今年上映的游改电视剧《辐射》大获成功。《质量效应》电视剧的编剧和执行制片人是 Daniel Casey，他最为人熟知的工作是担任《速度与激情 9：The Fast Saga》的主要编剧。另一位制片人 Karim Zreik 来自漫威电视剧部门，该部门曾为 Netflix 制作了《夜魔侠》和《Jessica Jones》。第三位制片人 Ari Arad 参与了游改电影《无主之地》和《神秘海域》，以及真人版《攻壳机动队》。

A vulnerability classified as very critical was found in Samba up to 3.6.x. This vulnerability affects the function ndr_ValidatePassword. The manipulation leads to numeric error. This vulnerability was named CVE-2012-1182. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

By Doug Milburn and Tom LawrenceIn recent years, the role of Managed Service Providers (MSPs) has r