Apache Flink flaw is back, and being actively exploited
An improper access control flaw is being actively exploited, CISA is warning......»»
Nanomedicine paves the way for new treatments for spinal cord injury
In a study published in Advanced Materials, researchers have demonstrated that an innovative nano-vector (nanogel), which they developed, is able to deliver anti-inflammatory drugs in a targeted manner into glial cells actively involved in the evolut.....»»
Microsoft patches two zero-days exploited by attackers (CVE-2024-21412, CVE-2024-21351)
On February 2024 Patch Tuesday, Microsoft has delivered fixes for 72 CVE-numbered vulnerabilities, including two zero-days (CVE-2024-21412, CVE-2024-21351) that are being leveraged by attackers in the wild. About CVE-2024-21412 and CVE-2024-21351 CVE.....»»
Exploring the effect of ring closing on fluorescence of supramolecular polymers
In supramolecular chemistry, the self-assembly state of molecules plays a significant role in determining their tangible properties. Controlling the self-assembled state has garnered significant attention as it can be exploited to design materials wi.....»»
Roundcube webmail XSS vulnerability exploited by attackers (CVE-2023-43770)
CVE-2023-43770, a vulnerability in the Roundcube webmail software that has been fixed in September 2023, is being exploited by attackers in the wild, CISA has warned by adding the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. Ab.....»»
Attackers injected novel DSLog backdoor into 670 vulnerable Ivanti devices (CVE-2024-21893)
Hackers are actively exploiting a vulnerability (CVE-2024-21893) in Ivanti Connect Secure, Policy Secure and Neurons for ZTA to inject a “previously unknown and interesting backdoor” dubbed DSLog. CVE-2024-21893 patches and exploitation I.....»»
Critical Fortinet FortiOS flaw exploited in the wild (CVE-2024-21762)
Fortinet has patched critical remote code execution vulnerabilities in FortiOS (CVE-2024-21762, CVE-2024-23313), one of which is “potentially” being exploited in the wild. The exploitation-in-the-wild has been confirmed by CISA, by adding.....»»
Apple looking into Apple Watch Series 9, Ultra 2 "ghost touches" issue
Apple is actively investigating a problem with the Apple Watch Series 9 and Apple Watch Ultra 2, with an internal memo confirming it is looking into "ghost touches" of the display.Apple Watch Series 9The Apple Watch display is the main way of interac.....»»
Cold-resistant bacteria found in the Arctic can degrade crude oil
The Arctic region is being actively developed by humans, but it negatively affects the environment. The fact is that Arctic soils, which contain little organic matter, are susceptible to the toxic effects of hydrocarbons that get there as a result of.....»»
Ivanti Connect Secure flaw massively exploited by attackers (CVE-2024-21893)
CVE-2024-21893, a server-side request forgery (SSRF) vulnerability affecting Ivanti Connect Secure VPN gateways and Policy Secure (a network access control solution), is being exploited by attackers. About CVE-2024-21893 CVE-2024-21893 allows a attac.....»»
Lagging Mastodon admins urged to patch critical account takeover flaw (CVE-2024-23832)
Five days after Mastodon developers pushed out fixes for a remotely exploitable account takeover vulnerability (CVE-2024-23832), over 66% of Mastodon servers out there have been upgraded to close the hole. About Mastodon Mastodon is open-source (serv.....»»
Week in review: Windows Event Log zero-day, exploited critical Jenkins RCE flaw
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Prioritizing cybercrime intelligence for effective decision-making in cybersecurity In this Help Net Security interview, Alon Gal, CTO at Hudson Roc.....»»
Something odd is going on with the OnePlus 12
The OnePlus 12 came out swinging and even fixed a notable flaw. But it entirely avoided what the Samsung Galaxy S24 embraced: the AI hype......»»
10 USA cybersecurity conferences you should visit in 2024
Security BSides Security BSides offers attendees an opportunity to engage and present their ideas actively. Characterized by its intensity, these events are filled with discussions, demonstrations, and interactive participation. BSides are happening.....»»
Update your Apple devices, because the latest releases patched a major security flaw
Apple's latest updates to all its operating systems from macOS Sonoma to tvOS 17.3, included a fix to prevent a WebKit security vulnerability that the company says has been exploited.Researchers show how a GPU vulnerability could be exploitedAlongsid.....»»
How To Install Linux, Apache, MySQL, and PHP (LAMP) Stack on Ubuntu 22.04?
How To Install Linux, Apache, MySQL, and PHP (LAMP) Stack on Ubuntu 22.04?.....»»
Apple debuts new feature to frustrate iPhone thieves
Besides fixing an actively exploited zero-day vulnerability, the latest update for the iOS 17 branch offers a new feature to help you protect your accounts and sensitive information in case your iPhone gets stolen. Stolen Device Protection If enabled.....»»
Attackers can steal NTLM password hashes via calendar invites
A recently patched vulnerability in Microsoft Outlook (CVE-2023-35636) that can be used by attackers to steal users’ NTLM v2 hashes can be exploited by adding two headers to an email carrying a specially crafted file, security researcher Dolev.....»»
Microsoft network breached through password-spraying by Russia-state hackers
Senior execs' emails accessed in network breach that wasn't caught for 2 months. Enlarge (credit: Getty Images) Russia-state hackers exploited a weak password to compromise Microsoft’s corporate network and accessed em.....»»
Chinese hackers quietly exploited a VMware zero-day for two years
UNC3886 was abusing a flaw in VMware for years, exfiltrating sensitive data and stealing login credentials......»»
Week in review: 10 cybersecurity frameworks you need to know, exploited Chrome zero-day fixed
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Key elements for a successful cyber risk management strategy In this Help Net Security interview, Yoav Nathaniel, CEO at Silk Security, discusses th.....»»