Aggregator

泛欧射电望远镜低频阵列（LOFAR）团队报告说，SpaceX 从去年开始发射第二代星链（Starlink）卫星，其发出的无线电波比第一代卫星多 30 倍。射频泄漏远低于星链卫星用于向客户提供互联网服务和与地面控制人员通信的频带，因此 LOFAR 团队得出结论，这是无意的。但它比 LOFAR 和类似望远镜研究的昏暗天文光源亮 1000 万倍。干扰将会持续下去。超过 6000 颗星链卫星已经在轨运行，比所有其他运行的卫星都多，且 SpaceX 计划建造数万颗。当这种情况发生时，像 LOFAR 这样的大视场望远镜可能无法找到没有星链卫星的一片天空。南非和澳大利亚计划中的平方公里阵列射电望远镜（SKA）的研究人员与 SpaceX 工程师密切合作，以减少早期星链卫星的射电辐射。SKA 天文台台长 Phil Diamond 说：“看到最新一代卫星的辐射仍存在并且更亮，非常令人失望。”

Financially motivated threat actors are targeting North American companies in the transportation and logistics sector with tailored lures, info-stealing malware, and a clever new trick. How the attack unfolds According to Proofpoint threat researchers, the attackers start by compromising email accounts of workers in transportation and shipping companies and then responding to existing email conversations within the account’s inbox. The emails are usually short, and initially urged recipients to follow a link to / download … More →

The post Transportation, logistics companies targeted with lures impersonating fleet management software appeared first on Help Net Security.

A vulnerability was found in VRNews 1.1.1. It has been declared as critical. This vulnerability affects unknown code of the file admin.php. The manipulation of the argument act leads to improper privilege management. This vulnerability was named CVE-2007-3611. The attack can be initiated remotely. Furthermore, there is an exploit available.

American peer-to-peer payments and money transfer company MoneyGram confirmed that a cyberattack caused its service outage. American interstate and international peer-to-peer payments and money transfer company MoneyGram confirmed that its services are currently unavailable due to a cyberattack. On September 22, the company informed its customers that it was experiencing a network outage impacting connectivity to a number of our systems. The […]

A vulnerability, which was classified as very critical, has been found in SAP EnjoySAP. This issue affects the function LaunchGui of the component ActiveX Control. The manipulation of the argument first leads to heap-based buffer overflow. The identification of this vulnerability is CVE-2007-3606. The attack may be initiated remotely. Furthermore, there is an exploit available.

开源软件和私有软件之间的紧张关系短期内无解，一家估值 30 亿美元的软件创业公司 Sentry 推出了 Fair Source 许可证，试图在开源和私有软件之间架起桥梁。Fair Source 概念设计帮助企业与开放软件开发圈保持一致，避免侵犯现有的开源、开放核心或源代码可用的授权环境，避开与私有授权的任何负面联系。Fair Source 也是对开源在商业上不可行的日益增长的观点的一种回应。Sentry 开源主管 Chad Whitacre 称，开源不是一种商业模式，开源是一种分发模式，它主要是作为一种软件开发模式。开源授权条款对可用的商业模式施加了严格限制。今天很多非常成功的开源项目通常是大型私有产品的组成部分。为保护自己的工作，曾高举开源旗帜的企业退缩了，或者从没什么限制的许可转向了严格限制的 Copyleft 许可，如 Element 和 Grafana 就这么做了，或者如 HashiCorp 对 Terraform 项目完全放弃了开源。Whitacre 指出大部分软件仍然是闭源的，Kubernetes 是开源的，而 Google Search 是闭源的。React 是开源的，Facebook Newsfeed 是闭源的。

Исходный код Kryptina используется для новых атак на Linux.

Osano announced advanced capabilities within its platform, including tighter integration of its data mapping and assessment modules and powerful reporting and risk management capabilities. Privacy teams are often under-resourced and overwhelmed by manual work. According to the IAPP-EY Privacy Governance Report, 63% of privacy professionals agree the limited availability of resources within their organization impacts their ability to deliver on privacy goals. These updates, which will launch in early Q4, help data privacy professionals streamline … More →

The post Osano reduces complexity for data privacy professionals appeared first on Help Net Security.

A vulnerability was found in NBE 1.1. It has been declared as critical. This vulnerability affects unknown code of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues. This vulnerability was named CVE-2014-6983. The attack needs to be approached within the local network. There is no exploit available.