-
SEC Consult SA-20241107-0 :: Multiple Vulnerabilities in HASOMED Elefant and Elefant Software Updater
Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Nov 09 SEC Consult Vulnerability Lab Security Advisory < 20241107-0 > ======================================================================= title: Multiple Vulnerabilities product: HASOMED Elefant and Elefant Software Updater vulnerable version: <24.04.00, Elefant Software Updater <1.4.2.1811 fixed version: 24.04.00, Elefant Software Updater 1.4.2.1811 CVE number: CVE-2024-50588,… Read More
-
FBI: Spike in Hacked Police Emails, Fake Subpoenas
The Federal Bureau of Investigation (FBI) is urging police departments and governments worldwide to beef up security around their email systems, citing a recent increase in cybercriminal services that use hacked police email accounts to send unauthorized subpoenas and customer data requests to U.S.-based technology companies. In an alert (PDF) published this week, the FBI…
-
mingw-expat-2.6.4-1.fc40
FEDORA-2024-cdde5c873d Packages in this update: mingw-expat-2.6.4-1.fc40 Update description: Update to 2.6.4. Backport fix for CVE-2024-50602. Read More
-
mingw-expat-2.6.4-1.fc41
FEDORA-2024-fa21fd6c77 Packages in this update: mingw-expat-2.6.4-1.fc41 Update description: Update to 2.6.4. Backport fix for CVE-2024-50602. Read More
-
Palo Alto Expedition Missing Authentication Vulnerability (CVE-2024-5910)
What is the Vulnerability?CISA has added CVE-2024-5910, a missing authentication vulnerability in Palo Alto Networks Expedition to its known exploited vulnerability (KEV) list. Expedition is a migration tool aiding in configuration migration, tuning, and enrichment from one of the supported vendors to Palo Alto Networks. Successful exploitation of CVE-2024-5910 can lead to an admin account…
-
DSA-5806-1 libarchive – security update
A heap-based out-of-bounds write vulnerability was discovered in libarchive, a multi-format archive and compression library, which may result in the execution of arbitrary code if a specially crafted RAR archive is processed. https://security-tracker.debian.org/tracker/DSA-5806-1 Read More
-
Friday Squid Blogging: Squid-A-Rama in Des Moines
Squid-A-Rama will be in Des Moines at the end of the month. Visitors will be able to dissect squid, explore fascinating facts about the species, and witness a live squid release conducted by local divers. How are they doing a live squid release? Simple: this is Des Moines, Washington; not Des Moines, Iowa. Blog moderation…
-
Pro-Russian Hacktivists Target South Korea as North Korea Joins Ukraine War
South Korea warned that pro-Russian groups have attacked government and private sector websites following the deployment of North Korean soldiers in Ukraine Read More
-
AI Industry is Trying to Subvert the Definition of “Open Source AI”
The Open Source Initiative has published (news article here) its definition of “open source AI,” and it’s terrible. It allows for secret training data and mechanisms. It allows for development to be done in secret. Since for a neural network, the training data is the source code—it’s how the model gets programmed—the definition makes no…
-
Major Oilfield Supplier Hit by Ransomware Attack
International energy solution provider Newpark Resources has confirmed it was hit by a ransomware attack that disrupted critical systems Read More