Ransomware gangs are exploiting IBM Aspera Faspex RCE flaw (CVE-2022-47986)
Attackers are exploiting a critical vulnerability (CVE-2022-47986) in the IBM Aspera Faspex centralized file transfer solution to breach organizations. About CVE-2022-47986 IBM Aspera Faspex is used by organizations to allow employees to quickly and.....»»
Palo Alto Networks firewalls, Expedition under attack (CVE-2024-9463, CVE-2024-9465)
Attackers have been spotted exploiting two additional vulnerabilities (CVE-2024-9463, CVE-2024-9465) in Palo Alto Networks’ Expedition firewall configuration migration tool, CISA has confirmed on Thursday. About the vulnerabilities (CVE-2024-94.....»»
NIST is chipping away at NVD backlog
The National Institute of Standards and Technology (NIST) is clearing the backlog of unprocessed CVE-numbered vulnerabilities in the National Vulnerability Database (NVD), but has admitted that their initial estimate of when they would finish the job.....»»
How a Windows zero-day was exploited in the wild for months (CVE-2024-43451)
CVE-2024-43451, a Windows zero-day vulnerability for which Microsoft released a fix on November 2024 Patch Tuesday, has been exploited since at least April 2024, ClearSky researchers have revealed. About the vulnerability CVE-2024-43451 affects all s.....»»
Scientists identify flaw in astrophysics models of massive stars and supernovae
An international team of researchers has uncovered evidence that astrophysics models of massive stars and supernovae are inconsistent with observational gamma-ray astronomy......»»
IBM boosts the amount of computation you can get done on quantum hardware
Incremental improvements across the hardware and software stacks add up. There's a general consensus that we won't be able to consistently perform sophisticated quantum calculatio.....»»
Amazon to phase out Freevee, but there’s still a way to watch for free
Amazon is phasing out Freevee, the ad-supported video streaming platform that launched in 2019 as IMDb Freedive before rebranding as Amazon Freevee in 2022......»»
Tackling ransomware without banning ransom payments
Tackling ransomware without banning ransom payments.....»»
Microsoft fixes actively exploited zero-days (CVE-2024-43451, CVE-2024-49039)
November 2024 Patch Tuesday is here, and Microsoft has dropped fixes for 89 new security issues in its various products, two of which – CVE-2024-43451 and CVE-2024-49039 – are actively exploited by attackers. The exploited vulnerabilities.....»»
Tax whistleblower laws boost state revenue: Study
The federal tax gap—money people and companies owe Uncle Sam but fail to pay on time—has climbed to historic highs: $696 billion in 2022, according to the IRS. It's money that—if recouped—could fund infrastructure or education or pay down gov.....»»
Zscaler Zero Trust Segmentation prevents lateral movement from ransomware attacks
Zscaler announced a Zero Trust Segmentation solution to provide a more secure, agile and cost-effective means to connect users, devices, and workloads across and within globally distributed branches, factories, campuses, data centers, and public clou.....»»
BlackFog platform enhancements boost data loss prevention
BlackFog launched its next generation enterprise platform to deliver even more powerful ransomware and insider threat prevention. BlackFog’s pioneering platform focuses specifically on anti data exfiltration to prevent unauthorized data from leavin.....»»
Critical Palo Alto Networks Expedition bug exploited (CVE-2024-5910)
A vulnerability (CVE-2024-5910) in Palo Alto Networks Expedition, a firewall configuration migration tool, is being exploited by attackers in the wild, the Cybersecurity and Infrastructure Security Agency (CISA) confirmed on Thursday. About CVE-2024-.....»»
Law enforcement operation takes down 22,000 malicious IP addresses worldwide
Operation Synergia II took aim at phishing, ransomware, and information stealing. An international coalition of police agencies has taken a major whack at criminals accused of run.....»»
Critical vulnerability in Cisco industrial wireless access points fixed (CVE-2024-20418)
Cisco has fixed a critical command injection vulnerability (CVE-2024-20418) affecting its Ultra-Reliable Wireless Backhaul (URWB) Access Points that can be exploited via a HTTP requests and allows complete compromise of the devices. There are no work.....»»
Climate change is contributing to drought in the American West even without rainfall deficits, scientists find
Higher temperatures caused by anthropogenic climate change made an ordinary drought into an exceptional drought that parched the American West from 2020–2022. A study by UCLA and National Oceanic and Atmospheric Administration climate scientists ha.....»»
Food security in Africa: Managing water will be vital in a rapidly growing region
Sub-Saharan Africa's population is growing at 2.7% per year and is expected to reach two billion by the year 2050. The region's urban population is growing even faster: it was at 533 million in 2023, a 3.85% increase from 2022......»»
Volcanic ash as a source of nutrients: How the Hunga Tonga eruption affected ecosystems in the South Pacific
The eruption of Hunga Tonga-Hunga Ha'apai (HTHH) in January 2022 ejected about 2.9 billion tons of volcanic material into the atmosphere and across the South Pacific. In early 2022, a scientific expedition (GEOTRACES GP21) investigated the impact of.....»»
GoZone ransomware accuses and threatens victims
A new ransomware dubbed GoZone is being leveraged by attackers that don’t seem to be very greedy: they are asking the victims to pay just $1,000 in Bitcoin if they want their files decrypted. The GoZone HTML ransom note (Source: SonicWall) The.....»»
Sustainable hydrophobic cellulose shows potential for replacing petroleum-related products
A recent study has aimed to create hydrophobic paper by exploiting the mechanical properties and water resistance of cellulose nanofibers, and so produce a sustainable, high-performance material suitable for packaging and biomedical devices. This inv.....»»
Google patches actively exploited Android vulnerability (CVE-2024-43093)
Google has delivered fixes for two vulnerabilities endangering Android users that “may be under limited, targeted exploitation”: CVE-2024-43047, a flaw affecting Qualcomm chipsets, and CVE-2024-43093, a vulnerability in the Google Play fr.....»»