Aggregator

Обновление браузера может спасти ваши данные.

A vulnerability was found in Mozilla Firefox up to 130.0.0 on Android and classified as problematic. This issue affects some unknown processing of the component Address Bar Handler. The manipulation leads to open redirect. The identification of this vulnerability is CVE-2024-8897. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in CodeCanyon RISE Ultimate Project Manager 3.7.0 and classified as critical. This vulnerability affects unknown code of the file /index.php/dashboard/save. The manipulation of the argument id leads to sql injection. This vulnerability was named CVE-2024-8945. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in code-projects Hospital Management System 1.0. This affects an unknown part of the file check_availability.php. The manipulation of the argument email leads to sql injection. This vulnerability is uniquely identified as CVE-2024-8944. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

Submit #409096 / VDB-277762

Software Security / Data ProtectionSolarWinds has released fixes to address two security flaws in

Может ли обычный джойстик заменить скальпель?

Veritas Technologies unveiled new AI-driven capabilities to further expand the strength and functionality of the Veritas cyber resilience portfolio. The new innovations, including AI-powered automation and user interface enhancements, provide data protection specialists and IT generalists with intelligent, easy-to-use solutions that remove the uncertainty from cyber recovery. Deepak Mohan, EVP of engineering at Veritas, said: “Data security is becoming increasingly complex, and IT teams are under mounting pressure to ensure that data is always available, … More →

The post Veritas unveils AI-driven features to simplify cyber recovery appeared first on Help Net Security.

Submit #408931 / VDB-276272

Submit #408871 / VDB-277761

Уязвимость оставалась открытой, пока её не заметили исследователи.

Google has announced that it will be switching from KYBER to ML-KEM in its Chrome web browser as part of its ongoing efforts to defend against the risk posed by cryptographically relevant quantum computers (CRQCs). "Chrome will offer a key share prediction for hybrid ML-KEM (codepoint 0x11EC)," David Adrian, David Benjamin, Bob Beck, and Devon O'Brien of the Chrome Team said. "The

A vulnerability, which was classified as problematic, has been found in langchain-ai langchain up to 0.2.8. Affected by this issue is the function FAISS.deserialize_from_bytes. The manipulation leads to deserialization. This vulnerability is handled as CVE-2024-5998. It is possible to launch the attack on the physical device. There is no exploit available. It is recommended to upgrade the affected component.

The U.S. Department of Treasury has imposed fresh sanctions against five executives and one entity with ties to the Intellexa Consortium for their role in the development, operation, and distribution of a commercial spyware called Predator. "The United States will not tolerate the reckless propagation of disruptive technologies that threatens our national security and undermines the privacy and

ИИ будет обучать беспилотники на лету.

索尼 PS1 模拟器项目 DuckStation 经历了两次许可证修改，它事实上不再是开源软件。DuckStation 原本采用 GPL 许可证，按照 GPL 的要求修改版本需要公开源代码，但很多时候修改版本并没有遵守这一要求。DuckStation 于 9 月 1 日改为 PolyForm Strict License，9 月 13 日再次切换到 CC-BY-NC-ND 许可证，禁止商业使用，禁止衍生作品，这意味着禁止任何人将 DuckStation 重新打包。项目作者表示，更换许可证获得了主要贡献者的同意，表示受够了对 GPL 许可证的频繁违反，称如果遭到骚扰会考虑关闭源码库。

F5 launched F5 NGINX One, combining advanced load balancing, web and application server capabilities, API gateway functionalities, and security features in a dedicated package. Customers are now able to simply manage and secure F5 NGINX instances and NGINX Open Source from a single cloud management interface. End-to-end visibility speeds apps to market and enables advanced features like AI more efficiently versus a traditional siloed approach. This new offering makes NGINX technology easier to deploy, unlocking … More →

The post F5 NGINX One improves app delivery and security functions appeared first on Help Net Security.

CISA released three Industrial Control Systems (ICS) advisories on September 17, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

• ICSA-24-261-01 Siemens SIMATIC S7-200 SMART Devices
• ICSA-24-261-02 Millbeck Communications Proroute H685t-w
• ICSA-24-261-03 Yokogawa Dual-redundant Platform for Computer (PC2CKM)

CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.