Apache Flink flaw is back, and being actively exploited
An improper access control flaw is being actively exploited, CISA is warning......»»
Critical RCE vulnerabilities found in git (CVE-2022-41903, CVE-2022-23251)
A source code audit has revealed two critical vulnerabilities affecting git, the popular distributed version control system for collaborative software development. The latest git vulnerabilities CVE-2022-41903 is an out-of-bounds memory write flaw in.....»»
Vulnerable NetComm routers and a public PoC exploit (CVE-2022-4873, CVE-2022-4874)
Two vulnerabilities (CVE-2022-4873, CVE-2022-4874) found in three NetComm router models could be exploited to achieve remote code execution on vulnerable devices, and there’s a public PoC chaining them, CERT/CC has warned. The good news is that.....»»
A new approach to sharing the burden of carbon dioxide removal
To have a chance to achieve the Paris Agreement's goal of limiting global warming to 1.5–2°C compared to pre-industrial levels, it is clear that we will need to go beyond restricting emissions and actively focus on removing carbon dioxide from the.....»»
Touchscreen Macs would be fine, with two big provisos [Comment]
Touchscreen Macs are back in the news – though it’s unclear whether there’s actually much reason for this. The Bloomberg report didn’t say that Apple actually plans to make any, only that engineers are ‘actively engaged’ in the pro.....»»
Cacti servers under attack by attackers exploiting CVE-2022-46169
If you’re running the Cacti network monitoring solution and you haven’t updated it since early December, now is the time to do it to foil attackers exploiting a critical command injection flaw (CVE-2022-46169). About Cacti and CVE-2022-46.....»»
Hackers target and exploit major Control Web Panel security flaw
Flaw allows Control Web Panel hackers to execute malicious code remotely, but a fix is available......»»
FortiOS flaw was exploited to compromise governmental targets (CVE-2022-42475)
A critical vulnerability in FortiOS SSL-VPN (CVE-2022-42475) that Fortinet has issued patches for in November 2022 has been exploited by attackers to compromise governmental or government-related targets, the company has shared. Fortinet says the att.....»»
70% of apps contain at least one security flaw after 5 years in production
Veracode revealed data that could save organizations time and money by helping developers minimize the introduction and accumulation of security flaws in their software. Their report found that flaw build-up over time is such that 32% of applications.....»»
Indigenous tech group asks Apache Foundation to change its name
Identity as a "last tribe" is simplification and erasure, indigenous group says. A 2015 photo by Zaheda Bhorat (shared by Rich Bowen) showing many of the original Apache Software Foundation's creators, with co-founder J.....»»
Fortinet says hackers exploited critical vulnerability to infect VPN customers
Remote code-execution bug was exploited to backdoor vulnerable servers. An unknown threat actor abused a critical vulnerability in Fortinet’s FortiOS SSL-VPN to infect government and government-relat.....»»
Apple developing touchscreen Macs that could debut in 2025 with new MacBook Pro
Apple is apparently planning a reversal for one of its long-held beliefs on the Mac. According to a new report from Bloomberg, Apple has teams of engineers actively working on touchscreen Macs. It could release a new MacBook Pro with touchscreen sup.....»»
A widespread logic controller flaw raises the specter of Stuxnet
Over 120 PLC models contain a serious vulnerability—and no fix is on the way. In 2009, the computer worm Stuxnet crippled hundreds of centrifuges inside Iran’s Natanz uranium enrichment plant by targeting th.....»»
Microsoft plugs actively exploited zero-day hole (CVE-2023-21674)
To mark the January 2023 Patch Tuesday, Microsoft has released patches for 98 CVE-numbered vulnerabilities, including one exploited in the wild (CVE-2023-21674) and one (CVE-2023-21549) that’s been publicly disclosed. Both allow attackers to el.....»»
JsonWebToken open source library has a significant security flaw
Hackers could have used flaw to remotely execute malicious code on affected endpoints......»»
Samsung’s new Odyssey Neo G9 gaming monitor is beautiful, but it has a fatal flaw
Samsung's Odyssey Neo G9 2023 is a beautiful monitor, and I loved seeing it at CES. It's just a shame that it might be dead on arrival when it releases......»»
Samsung’s new Odyssey Neo G9 is beautiful, but it has a fatal flaw
Samsung's Odyssey Neo G9 2023 is a beautiful monitor, and I loved seeing it at CES. It's just a shame that it might be dead on arrival when it releases......»»
Rackspace ransomware attack was executed by using previously unknown security exploit
The MS Exchange exploit chain recently revealed by Crowdstrike researchers is how the Play ransomware gang breached the Rackspace Hosted Exchange email environment, the company confirmed last week. The exploit chains CVE-2022-41082, a RCE flaw, and C.....»»
Notebook ODMs see customers actively diversify production locations
Notebook ODMs are seeing customers step up the diversification of production locations aiming to accelerate production relocations away from China, according to industry sources......»»
iOttie Velox Elite is an actively cooled MagSafe car charger to prevent overheating
Announced at CES 2023, the new iOttie Velox Elite MagSafe car charger uses active cooling to help ensure your iPhone will never overheat while driving again. One of the most common problems with in-car chargers is that phone.....»»
China's SiC development impacted by lack of epitaxy equipment
The Chinese government is actively boosting the development of local SiC manufacturing industry, but China-based SiC makers have been hit by the lack of epitaxy equipment to produce SiC epitaxial wafers, according to industry sources......»»