Smashing Security podcast #325: Rick Astley and the little birdie scam

Australia’s signal intelligence agency calls upon an Eighties popstar to fight terrorism, and a simple act of kindness leads to a woman being scammed for thousands.

All this and much more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Plus don’t miss our featured interview with Max Power of Bitwarden.

Defense in depth — the Microsoft way (part 85): escalation of privilege plus remote code execution with HVCISCAN.exe

Posted by Stefan Kanthak on Jun 07

Hi @ll,

about a month ago Microsoft published HVCIScan-{amd,arm}64.exe, a
“Tool to check devices for compatibility with memory integrity (HVCI)”

The “Install instructions” on the download page
<https://www.microsoft.com/en-us/download/105217> tell:

| Download the hvciscan.exe for your system architecture (AMD64 or ARM64).
| From an elevated command window or PowerShell, run hvciscan.exe

“ELEVATED” sounds…

LPE and RCE in RenderDoc: CVE-2023-33865, CVE-2023-33864, CVE-2023-33863

Posted by Qualys Security Advisory via Fulldisclosure on Jun 07

Qualys Security Advisory

LPE and RCE in RenderDoc: CVE-2023-33865, CVE-2023-33864, CVE-2023-33863

========================================================================
Contents
========================================================================

Summary
CVE-2023-33865, a symlink vulnerability in /tmp/RenderDoc
– Analysis
– Exploitation
CVE-2023-33864, an integer underflow to heap-based buffer overflow
– Analysis
– Exploitation…

Clop extortion gang gives MOVEit exploit victims one week to reach out

The threat group behind the Clop ransomware took credit for the recent attacks exploiting a zero-day SQL injection vulnerability in a popular web-based managed file transfer (MFT) tool called MOVEit Transfer. In a message posted on its data leak site, the gang instructs victims to contact them and negotiate a payment by June 14 or see their data leaked publicly.

The message, which was modified several times, including to extend the deadline from June 12 to June 14, tells organizations that after initial contact over email they will receive a unique link to a real-time chat over the Tor network where they will be given a price for the secure deletion of their stolen data and can ask for a small number of random files as verification. If no agreement is reached in seven days, the attackers threaten to start publishing the data.

Network Perception wants to give more visibility into OT networks

The latest version of Network Perception’s NP-View platform, which is designed to provide deep insights into industrial and other operational technology (OT) networks, features new capabilities like improved parsing and more flexible lookup options.

The Chicago-based vendor announced NP-View 4.2 today, saying that the new features include an improved algorithm for access rules and object groups reports, faster parsing, higher performing tables, and object content lookup.

The idea, according to Network Perception CEO Robin Berthier, is to let the company’s core network mapping and diagnostic product cope with increasingly large and complex operational technology infrastructure.
