Advisories
-
mingw-expat-2.6.4-1.fc40
FEDORA-2024-cdde5c873d. Packages in this update: mingw-expat-2.6.4-1.fc40. Update description: Update to 2.6.4. Backport fix for CVE-2024-50602.
-
mingw-expat-2.6.4-1.fc41
FEDORA-2024-fa21fd6c77. Packages in this update: mingw-expat-2.6.4-1.fc41. Update description: Update to 2.6.4. Backport fix for CVE-2024-50602.
-
Palo Alto Expedition Missing Authentication Vulnerability (CVE-2024-5910)
What is the Vulnerability? CISA has added CVE-2024-5910, a missing authentication vulnerability in Palo Alto Networks Expedition, to its known exploited vulnerability (KEV) list. Expedition is a migration tool aiding in configuration migration, tuning, and enrichment from one of the supported vendors to Palo Alto Networks. Successful exploitation of CVE-2024-5910 can lead to an admin account…
-
DSA-5806-1 libarchive – security update
A heap-based out-of-bounds write vulnerability was discovered in libarchive, a multi-format archive and compression library, which may result in the execution of arbitrary code if a specially crafted RAR archive is processed. https://security-tracker.debian.org/tracker/DSA-5806-1
-
Friday Squid Blogging: Squid-A-Rama in Des Moines
Squid-A-Rama will be in Des Moines at the end of the month. Visitors will be able to dissect squid, explore fascinating facts about the species, and witness a live squid release conducted by local divers. How are they doing a live squid release? Simple: this is Des Moines, Washington; not Des Moines, Iowa. Blog moderation…
-
Pro-Russian Hacktivists Target South Korea as North Korea Joins Ukraine War
South Korea warned that pro-Russian groups have attacked government and private sector websites following the deployment of North Korean soldiers in Ukraine.
-
AI Industry is Trying to Subvert the Definition of “Open Source AI”
The Open Source Initiative has published (news article here) its definition of “open source AI,” and it’s terrible. It allows for secret training data and mechanisms. It allows for development to be done in secret. Since for a neural network, the training data is the source code—it’s how the model gets programmed—the definition makes no…
-
Major Oilfield Supplier Hit by Ransomware Attack
International energy solution provider Newpark Resources has confirmed it was hit by a ransomware attack that disrupted critical systems.
-
North Korean Actor Deploys Novel Malware Campaign Against Crypto Firms
SentinelLabs observed the North Korean group BlueNoroff targeting crypto firms via a multi-stage malware campaign which utilizes a novel persistence mechanism.
-
Cisco URWB Access Point Command Injection Vulnerability (CVE-2024-20418)
What is the Vulnerability? A maximum severity security (CVSS Score 10.0) vulnerability in the web-based management interface of Cisco Unified Industrial Wireless Software for Cisco Ultra-Reliable Wireless Backhaul (URWB) Access Points could allow an unauthenticated, remote attacker to perform command injection attacks with root privileges on the underlying operating system. This vulnerability is due to improper…