Vulnerabilities in Supermicro BMCs could allow for unkillable server rootkits
With the ability to manage huge fleets of servers, BMCs are ideal places to stash malware. Enlarge (credit: Getty Images) If your organization uses servers that are equipped with baseboard management controllers from Sup.....»»
Team pioneers a "one-pot platform" to promptly produce mRNA delivery particles
Imagine a scenario where a skilled hacker must upload critical software to update a central server and thwart a potentially lethal virus from wreaking havoc across a vast computer network. The programmer, armed with the lifesaving code, must navigate.....»»
Evidence of water vapor detected in the atmosphere of Smertrios
Using the CARMENES spectrograph, astronomers have found evidence of water vapor in the atmosphere of a hot Saturn exoplanet designated HD 149026 b, dubbed Smertrios. The finding, reported in a research paper published on the preprint server arXiv, co.....»»
YouTube"s server-side ad insertion complicates ad blocking efforts
YouTube"s server-side ad insertion complicates ad blocking efforts.....»»
Nova eruption of V1716 Sco inspected in X-rays and gamma rays
Astronomers from China and Taiwan have observed the nova eruption of V1716 Sco that took place last year, using various X-ray and gamma-ray space observatories. Results of the observational campaign, presented June 27 on the preprint server arXiv, pr.....»»
Vulnerabilities found in Swift repository left millions of iPhone apps exposed
The open-source Swift and Objective-C repository, CocoaPods, had multiple vulnerabilities that left millions of iOS and macOS apps exposed to potential attacks for a decade, but it is now patched.CocoaPods leave millions of iOS and macOS apps vulnera.....»»
3 million iOS and macOS apps were exposed to potent supply-chain attacks
Apps that used code libraries hosted on CocoaPods were vulnerable for about 10 years. Enlarge (credit: Aurich Lawson) Vulnerabilities that went undetected for a decade left thousands of macOS and iOS apps susceptible to.....»»
NIST says NVD will be back on track by September 2024
The National Institute of Standards and Technology (NIST) has awarded a contract for an unnamed company/organization to help them process incoming Common Vulnerabilities and Exposures (CVEs) for inclusion in the National Vulnerability Database (NVD),.....»»
PoC exploits for critical FortiSIEM command execution flaws released (CVE-2024-23108, CVE-2023-34992)
Horizon3.ai researches have released proof-of-concept (PoC) exploits for CVE-2024-23108 and CVE-2023-34992, vulnerabilities that allow remote, unauthenticated command execution as root on certain Fortinet FortiSIEM appliances. CVE confusion FortiSIEM.....»»
RansomLord: Open-source anti-ransomware exploit tool
RansomLord is an open-source tool that automates the creation of PE files, which are used to exploit ransomware pre-encryption. “I created RansomLord to demonstrate ransomware is not invincible, has vulnerabilities and its developers make mista.....»»
The evolution of security metrics for NIST CSF 2.0
CISOs have long been spreadsheet aficionados, soaking up metrics and using them as KPIs for security progress. These metrics have traditionally measured specific systems or single indicators — vulnerabilities detected, percentage of vulnerabilities.....»»
Cybersecurity teams gear up for tougher challenges in 2024
In this Help Net Security video, Tom Gorup, VP of Security Services at Edgio, discusses the continually changing threat landscape. It is riddled with vulnerabilities that are frequently exploited and only intensify as geopolitics and state-sponsored.....»»
Starlinks can produce surprisingly bright flares for pilots
How can sunlight reflecting off SpaceX's Starlink satellites interfere with ground-based operations? This is what a study recently posted to the arXiv preprint server hopes to address as a pair of researchers investigate how Starlink satellites appea.....»»
The Artificial Intelligence Era Faces a Threat from Directed Energy Weapons
Autonomous and AI-enabled systems increasingly rely on optical and radio frequency sensors and significant computer power. They face growing vulnerabilities from directed-energy laser and microwave weapons.....»»
Observations explore open cluster NGC 1513
Using the National Astronomical Observatory (OAN) in Mexico, astronomers have observed an open cluster known as NGC 1513. Results of the observations, presented in a paper published May 16 on the pre-print server arXiv, yield crucial information rega.....»»
Little Snitch visualization makes it easier to monitor Mac network traffic
The popular security utility Little Snitch, which monitors Mac network traffic for suspicious activity, has been updated to a much more modern interface, with a whole range of new features. Key among these is DNS encryption, which shields server n.....»»
GitHub fixes maximum severity Enterprise Server auth bypass bug (CVE-2024-4985)
A critical, 10-out-of-10 vulnerability (CVE-2024-4985) allowing unrestricted access to vulnerable GitHub Enterprise Server (GHES) instances has been fixed by Microsoft-owned GitHub. Fortunately, there is a catch that may narrow down the pool of poten.....»»
A root-server at the Internet’s core lost touch with its peers. We still don’t know why.
For 4 days, the c-root server maintained by Cogent lost touch with its 12 peers. Enlarge For more than four days, a server at the very core of the Internet’s domain name system was out of sync with its 12 root server.....»»
DNS glitch that threatened Internet stability fixed; cause remains unclear
For 4 days, the c-root server maintained by Cogent lost touch with its 12 peers. Enlarge For more than four days, a server at the very core of the Internet’s domain name system was out of sync with its 12 root server.....»»
AU10TIX Risk Assessment Model identifies potential vulnerabilities
AU10TIX launched a free Risk Assessment Model that enables businesses to conduct an initial assessment of their exposure to operational, security and identity fraud risk. Drawing insights from billions of transactions processed globally and years of.....»»
Veeam fixes auth bypass flaw in Backup Enterprise Manager (CVE-2024-29849)
Veeam has patched four vulnerabilities in Backup Enterprise Manager (VBEM), one of which (CVE-2024-29849) may allow attackers to bypass authentication and log in to its web interface as any user. With no user interaction required for remote exploitat.....»»