Aggregator

Похоже, популярный музыкальный софт сбился с ритма безопасности.

A CVSS score 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Simon Zuckerbraun - Trend Micro Zero Day Initiative' was reported to the affected vendor on: 2025-02-04, 30 days ago. The vendor is given until 2025-06-04 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Dell has released a Critical Security Update (DSA-2025-022) for its PowerProtect Data Domain (DD) systems to address multiple vulnerabilities that could allow attackers to compromise affected systems. These vulnerabilities, identified in various components and open-source dependencies, highlight the importance of timely patching to safeguard enterprise data protection environments. Impact of the Disclosed Vulnerabilities The vulnerabilities include seven […]

The post Multiple Flaws in Dell PowerProtect Allow System Compromise appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A recent cybersecurity threat has emerged in the form of AsyncRAT, a remote access trojan (RAT) that leverages Python and TryCloudflare for stealthy malware delivery. This sophisticated campaign involves a complex sequence of events, starting with phishing emails that deceive users into downloading malicious payloads. Here the attack chain exploits legitimate infrastructure which makes the […]

The post AsyncRAT Abusing Python and TryCloudflare For Stealthy Malware Delivery appeared first on Cyber Security News.

While organizations have long experimented with various facets of digital transformation, the journey toward crypto-agility is one of the most significant technological transitions of our time. Success in the emerging quantum era will require technical expertise, strategic foresight, careful planning, and an unwavering commitment to security. The challenges Perhaps the most pressing challenge in the quest towards cryptographic agility is encryption key sprawl, where visibility into organizations’ encryption key ecosystem becomes cloudy. Many companies struggle … More →

The post Aim for crypto-agility, prepare for the long haul appeared first on Help Net Security.

Патч также устраняет десятки скрытых угроз, о которых вы могли и не догадываться.

A critical Cross-Site Scripting (XSS) vulnerability has been discovered in the popular open-source webmail client, Roundcube, potentially exposing users to serious security risks. Tracked as CVE-2024-57004, the flaw affects Roundcube Webmail version 1.6.9 and allows remote authenticated users to upload malicious files disguised as email attachments. Once the malicious file is uploaded, the vulnerability can be triggered when the […]

The post Roundcube XSS Flaw Allows Attackers to Inject Malicious Files appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

财政部印发《数据资产全过程管理试点方案》确定国家卫生健康委为中央试点部门，负责管理卫生健康数据资产，组织开展数据资产全过程管理试点。在此背景下，有必要深入探讨当前医疗卫生数据资产全过程管理面临的问题，以确保卫生健康相关数据资产有效管理和利用

在数字经济快速发展的当下，数据已跃升为与土地、劳动力、资本等传统生产要素并驾齐驱的关键生产要素，其重要性不言而喻。

在数字经济全球化发展的今天，个人信息的跨境流动已然成为常态。如何在促进个人信息合理利用的同时，加强个人信息保护、保障数据流动的有序性和安全性成为加强个人信息跨境流动监管的重要命题。

近日国家发展改革委、国家数据局等部门联合印发《关于完善数据流通安全治理 更好促进数据要素市场化价值化的实施方案》，为充分释放数据价值提供了重要制度保障。

Microsoft has released patches to address two Critical-rated security flaws impacting Azure AI Face Service and Microsoft Account that could allow a malicious actor to escalate their privileges under certain conditions. The flaws are listed below - CVE-2025-21396 (CVSS score: 7.5) - Microsoft Account Elevation of Privilege Vulnerability CVE-2025-21415 (CVSS score: 9.9) - Azure AI Face Service

In this Help Net Security interview, Benjamin Racenberg, Senior Intelligence Services Manager at Nisos, discusses the threat of workforce fraud, particularly DPRK-affiliated IT workers infiltrating remote roles. With HR teams and recruiters often unprepared to detect these sophisticated schemes, businesses face significant cybersecurity and employment risks. Racenberg also discusses the tactics used by these threat actors and offers strategies to strengthen hiring practices and mitigate workplace fraud. We’ve seen stories about DPRK-affiliated IT workers infiltrating … More →

The post What you can do to prevent workforce fraud appeared first on Help Net Security.

US to Investigate Whether DeepSeek Bypassed Export Controls to Obtain Nvidia Chips
Singapore has vowed to investigate allegations that Chinese artificial intelligence company DeepSeek flouted U.S. export controls to obtain high-performance Nvidia chips to power its flagship R1 reasoning application through intermediaries based in the island nation.

Security Concerns, Chinese Ownership Drive Concerns
U.S. federal agencies and corporations with ties to the government are blocking employees from using Chinese chatbot DeepSeek over security and privacy concerns. China could potentially use DeepSeek AI models to spy on American citizens, acquire proprietary secrets and conduct influence campaigns.

'Advanced Planning Unit' to Focus on Societal, Economic, Workplace Implications
Microsoft has created a new research-focused entity as part of its artificial intelligence division to analyze and anticipate the technology's societal, economic and workplace implications. It will report directly to Mustafa Suleyman, CEO of Microsoft AI.