SSH vulnerability exploitable in Terrapin attacks (CVE-2023-48795)
Security researchers have discovered a vulnerability (CVE-2023-48795) in the SSH cryptographic network protocol that could allow an attacker to downgrade the connection’s security by truncating the extension negotiation message. The Terrapin at...
In stunning Nobel win, AI researchers Hopfield and Hinton take 2024 Physics Prize
Hinton, who quit Google in 2023 to warn of AI dangers, was "flabbergasted" at the news. On Tuesday, the Royal Swedish Academy of Sciences awarded the 2024 Nobel Prize in Physics t...
Report on global water resources: Conditions in 2023 were either too dry or too wet
Not only was 2023 characterized by unprecedentedly high temperatures but also by excessive droughts in many parts of the world as well as floods in other areas. The World Meteorological Organization (WMO) has now presented its third report on the sta...
Georgia Mercedes dealership sues commercial vehicle customizer for nearly $5 million
A Georgia dealership sued a South Carolina company for nearly $5 million for failing to pay for 83 Mercedes-Benz vehicles it bought in 2023, according to a federal court suit.
Week in review: Critical Zimbra RCE vulnerability exploited, Patch Tuesday forecast
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: October 2024 Patch Tuesday forecast: Recall can be recalled October arrived, and Microsoft started the month by announcing the release of Windows 11...
If you think your robot vacuum is watching you, you might not be wrong
A new report finds a worrisome Ecovacs vulnerability...
"Red Rooms" review: Austere giallo for our tech-detached age
A Quebecois serial killer courtroom drama that out-Finchers Fincher. Fantasia 2023's Opening Night film reviewed. She's a fashion model! She's a computer genius! She's got dark obsessions that have her fixated upon a serial killer! In the 1960s...
Best practices for implementing threat exposure management, reducing cyber risk exposure
In this Help Net Security interview, Sanaz Yashar, CEO at Zafran, discusses the role of threat exposure management (TEM) in modern cybersecurity strategies. As traditional vulnerability management evolves, TEM addresses the overwhelming risks arising...
100+ domains seized to stymie Russian Star Blizzard hackers
Microsoft and the US Justice Department have seized over 100 domains used by Star Blizzard, a Russian nation-state threat actor. “Between January 2023 and August 2024, Microsoft observed Star Blizzard target over 30 civil society organizations...
How future heat waves at sea could devastate UK marine ecosystems and fisheries
The oceans are warming at an alarming rate. 2023 shattered records across the world's oceans, and was the first time that ocean temperatures exceeded 1°C over pre-industrial levels. This led to the emergence of a series of marine heat wave events ac...
1 Thing We're Talking About: Vehicle recall number drops slightly compared with 2023
BizzyCar's report shows the number of vehicles under recall in the U.S. through the third quarter of 2024 was down 4 percent from the same time a year earlier.
CUPS vulnerabilities could be abused for DDoS attacks
While the Common UNIX Printing System (CUPS) vulnerabilities recently disclosed by researcher Simone “evilsocket” Margaritelli are not easily exploited for remote command execution on vulnerable systems, they could offer more opportunity...
Critical Ivanti Endpoint Manager flaw exploited (CVE-2024-29824)
CVE-2024-29824, an unauthenticated SQL Injection vulnerability in Ivanti Endpoint Manager (EPM) appliances, is being exploited by attackers, the Cybersecurity and Infrastructure Security Agency has confirmed by adding the bug to its Known Exploited V...
Mercury's magnetic landscape mapped in 30 minutes
As BepiColombo sped past Mercury during its June 2023 flyby, it encountered a variety of features in the tiny planet's magnetic field. These measurements provide a tantalizing taste of the mysteries that the mission is set to investigate when it arri...
Thousands of Zimbra servers attacked following email account compromise
The attacks don't seem to be that effective right now, but a patch should still be installed.
Spotting AI-generated scams: Red flags to watch for
In this Help Net Security interview, Andrius Popovas, Chief Risk Officer at Mano Bank, discusses the most prevalent AI-driven fraud schemes, such as phishing attacks and deepfakes. He explains how AI manipulates videos and audio to deceive victims an...
Ransomware activity shows no signs of slowing down
Ransomware attacks have seen a significant resurgence, disrupting multiple sectors and affecting global supply chains. Despite efforts to disrupt major ransomware groups, incidents continue to rise, signaling an ongoing and growing threat into 2024.
Attackers exploit critical Zimbra vulnerability using cc’d email addresses
When successful, attacks install a backdoor. Getting it to work reliably is another matter. Attackers are actively exploiting a critical vulnerability in mail servers sold by Zimb...
Ukraine Is Decentralizing Energy Production to Protect Itself From Russia
The Energy Act for Ukraine Foundation is equipping schools and hospitals with solar panels and energy storage systems to nullify Russian attacks on the country's power plants.
Toxic chemicals from Ohio train derailment lingered in buildings for months
New study offers lessons on how to better protect communities from disasters. On February 3, 2023, a train carrying chemicals jumped the tracks in East Palestine, Ohio, rupturing...
Critical Zimbra RCE vulnerability under mass exploitation (CVE-2024-45519)
Attackers are actively exploiting CVE-2024-45519, a critical Zimbra vulnerability that allows them to execute arbitrary commands on vulnerable installations. Proofpoint’s threat researchers say that the attacks started on September 28 – s...