Aggregator

A vulnerability classified as problematic has been found in Cisco IOS XE. This affects an unknown part of the component ACL. The manipulation leads to incorrect authorization. This vulnerability is uniquely identified as CVE-2024-20510. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Cisco IOS and IOS XE. This vulnerability affects unknown code of the component Resource Reservation Protocol. The manipulation leads to stack-based buffer overflow. This vulnerability was named CVE-2024-20433. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Cisco IOS XE 17.11.99SW/17.12.1/17.12.1a and classified as critical. Affected by this issue is some unknown functionality of the component IPv4 Fragmentation Handler. The manipulation leads to improper resource management. This vulnerability is handled as CVE-2024-20467. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

California's attempt to regulate deepfakes in political advertising through AB 2839 has sparked debate on free speech and election integrity. The legislation faces challenges in implementation, technological limitations, and platform responsibilities, highlighting complexities of governing AI.

The post California’s Deepfake Regulation: Navigating the Minefield of AI, Free Speech, and Election Integrity appeared first on Security Boulevard.

San Francisco, United States / California, October 3rd, 2024, CyberNewsWireDoppler, t

Security Boulevard The Home of the Security Bloggers Network

E' stato pubblicato il Recepimento Direttiva (UE) 2022/2555, detta NIS 2 (D. Lgs. 4 settembre 2024,

The Global Bot Security Report is out and the results are in: Health, Luxury, and E-Commerce are the least protected industries against simple bot attacks. Learn how your industry measures up.

The post E-Commerce Protection Lags Behind: Insights from the 2024 Global Bot Security Report appeared first on Security Boulevard.

Thousands of Adobe Commerce e-stores hacked by exploiting the CosmicSting bugOver 4,000 unpatc

A recently disclosed vulnerability in the Common Unix Printing System (CUPS) open-source printing system can be exploited by threat actors to launch distributed denial-of-service (DDoS) attacks with a 600x amplification factor. [...]

Singapore, Singapore, October 3rd, 2024, CyberNewsWireAt DEF CON 32, the SquareX research team de

Linux servers are the target of an ongoing campaign that delivers a stealthy malware dubbed perfctl

Neurobiologist Rafael Yuste had what he calls his “Oppenheimer moment” a decade ago after he learne

Torrance, United States / California, October 3rd, 2024, CyberNewsWireAn exclusive li

FSB Hackers Stripped of 107 Domains Used to Steal Credentials
The U.S. Department of Justice and Microsoft seized more than 100 websites allegedly used by a Russian intelligence cyberespionage operation with a fondness for spear phishing. Targets include the national security apparatus and journalists, think tanks, and non-governmental organizations.

CorrectCare to Settle Lawsuit After 'Inadvertently' Exposing PHI on Web for Months
A misconfigured web server and the exposure of sensitive information for nearly 600,000 prison inmates in 2022 will cost medical claims processing company CorrectCare $6.49 million to settle a consolidated proposed class action lawsuit, according to court records.

Also: Prison Sentences for BEC Scammers and a West African Cybercrime Crackdown
This week, AI nudify sites spread malware, BEC scammers head to prison, London man charged with hacking, and a Spanish insurance company with a breach. Also, a North Korean hacking group and a West African crackdown on online scammers. And, a Schrödinger Windows vulnerability: Is it real?

US Cyber Defense Agency Plans to Review Updated Implementation Plans in November
A top official from the U.S. Cybersecurity and Infrastructure Security Agency said Thursday the agency is planning to review updated federal implementation plans and ensure agencies are aligning with zero trust security objectives and addressing any funding gaps or technical challenges.

© 2024 Packet Storm. All rights reserved.