Apache Flink flaw is back, and being actively exploited
An improper access control flaw is being actively exploited, CISA is warning......»»
PHP command injection flaw exploited to deliver ransomware (CVE-2024-4577)
An OS command injection vulnerability in Windows-based PHP (CVE-2024-4577) in CGI mode is being exploited by the TellYouThePass ransomware gang. Imperva says the attacks started on June 8, two days after the PHP development team pushed out fixes, and.....»»
China state hackers infected 20,000 Fortinet VPNs, Dutch spy service says
Critical code-execution flaw was under exploitation 2 months before company disclosed it. Enlarge Hackers working for the Chinese government gained access to more than 20,000 VPN appliances sold by Fortinet using a crit.....»»
Microsoft fixes RCE vulnerabilities in MSMQ, Outlook (CVE-2024-30080, CVE-2024-30103)
June 2024 Patch Tuesday is here and Microsoft has delivered fixes for a critical MSMQ flaw (CVE-2024-30080) and a RCE vulnerability in Microsoft Outlook (CVE-2024-30103). 49 CVE-numbered vulnerabilities have been fixed in total, none of which have be.....»»
Elephants may refer to each other by name
The animals seem to respond more actively to calls that include their "name." Enlarge (credit: Buena Vista Images) Lots of animals communicate with each other, from tiny mice to enormous whales. But none of those forms o.....»»
PHP code could be easily exploited to let hackers target Windows servers
Users are advised to apply the patch immediately or risk having malicious code run remotely......»»
SolarWinds fixes severe Serv-U vulnerability (CVE-2024-28995)
SolarWinds has fixed a high-severity vulnerability (CVE-2024-28995) affecting its Serv-U managed file transfer (MFT) server solution, which could be exploited by unauthenticated attackers to access sensitive files on the host machine. About CVE-2024-.....»»
Nasty bug with very simple exploit hits PHP just in time for the weekend
With PoC code available and active Internet scans, speed is of the essence. Enlarge A critical vulnerability in the PHP programming language can be trivially exploited to execute malicious code on Windows devices, secur.....»»
Observing ultrafast photoinduced dynamics in a halogen-bonded supramolecular system
Researchers have uncovered how the halogen bond can be exploited to direct sequential dynamics in multi-functional crystals, offering crucial insights for developing ultrafast-response times for multilevel optical storage......»»
MagSafe Monday: UGREEN’s 145-watt power bank can charge a MacBook Air in 90 minutes
I recently picked up , which deserved a complete write-up as I’ve spent some time with them. Although they lack MagSafe compatibility (which is the only flaw), they might be one of the best options for travelers looking to charge all of their devic.....»»
High-risk Atlassian Confluence RCE fixed, PoC available (CVE-2024-21683)
If you’re self-hosting an Atlassian Confluence Server or Data Center installation, you should upgrade to the latest available version to fix a high-severity RCE flaw (CVE-2024-21683) for which a PoC and technical details are already public. Abo.....»»
Google accidentally published internal Search documentation to GitHub
Commit snafu slapped an irrevocable Apache 2.0 license on confidential API Docs. Enlarge (credit: Getty Images | Alexander Koerner) Google apparently accidentally posted a big stash of internal technical documents to Git.....»»
Federal agency warns critical Linux vulnerability being actively exploited
Cybersecurity and Infrastructure Security Agency urges affected users to update ASAP. Enlarge (credit: Getty Images) The US Cybersecurity and Infrastructure Security Agency has added a critical security bug in Linux to i.....»»
Check Point VPN zero-day exploited since beginning of April (CVE-2024-24919)
Attackers have been exploiting CVE-2024-24919, a zero-day vulnerability in Check Point Security Gateways, to pinpoint and extract password hashes for local accounts, which they then used to move laterally in the target organizations’ network. &.....»»
Ford recalls nearly 110,000 Lincoln Aviators for rearview camera flaw
Ford Motor Co. is recalling 109,283 Lincoln Aviators because of faulty rearview cameras that flicker and shake from customer mobile phone electromagnetic frequency waves......»»
Researchers crack 11-year-old password, recover $3 million in bitcoin
A flaw with the digital wallet and a bit of luck did the trick. Enlarge (credit: Flavio Coelho/Getty Images) Two years ago when “Michael,” an owner of cryptocurrency, contacted Joe Grand to help recover access to abo.....»»
Cybersecurity teams gear up for tougher challenges in 2024
In this Help Net Security video, Tom Gorup, VP of Security Services at Edgio, discusses the continually changing threat landscape. It is riddled with vulnerabilities that are frequently exploited and only intensify as geopolitics and state-sponsored.....»»
Could Martian atmospheric samples teach us more about the red planet than surface samples?
NASA is actively working to return surface samples from Mars in the next few years, which they hope will help us better understand whether ancient life once existed on the red planet's surface billions of years ago. But what about atmospheric samples.....»»
Week in review: Google fixes yet another Chrome zero-day exploit, YouTube as a cybercrime channel
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Google fixes yet another Chrome zero-day exploited in the wild (CVE-2024-5274) For the eighth time this year, Google has released an emergency updat.....»»
Droplets that swim toward dissolution could inspire fluid microbots
Researchers discovered that microscopic liquid droplets swim toward solvent conditions that favor their dissolution. This mechanism may underlie some transport processes within living cells, and could be exploited to develop fluid micro robots......»»
Apache Flink flaw is back, and being actively exploited
An improper access control flaw is being actively exploited, CISA is warning......»»