Feed aggregator
Anthropic CEO on Claude, AGI and the Future of AI and Humanity – Lex Fridman
Article URL: https://lexfridman.com/dario-amodei/
Comments URL: https://news.ycombinator.com/item?id=42114889
Points: 1
# Comments: 0
Spain's flood survivors strive to save their photos and memories
Article URL: https://www.reuters.com/world/europe/spains-flood-survivors-strive-save-their-photos-memories-2024-11-11/
Comments URL: https://news.ycombinator.com/item?id=42114882
Points: 1
# Comments: 0
Rust Needs an Official Specification
Article URL: https://tweedegolf.nl/en/blog/140/rust-needs-an-official-specification
Comments URL: https://news.ycombinator.com/item?id=42114874
Points: 2
# Comments: 0
Sophos has installed monitoring software on its customers' systems for years
Article URL: https://www.heise.de/en/opinion/Analysis-and-opinion-Sophos-and-the-broken-vow-10013195.html
Comments URL: https://news.ycombinator.com/item?id=42114866
Points: 3
# Comments: 0
Evidence mounting: humans were responsible for the extinction of large mammals
Best Internet Providers in Eugene, Oregon
The Psychology of a $225M Mistake
Article URL: https://www.poormark.com/p/ftx
Comments URL: https://news.ycombinator.com/item?id=42114855
Points: 2
# Comments: 0
What science reveals about our tendency toward corruption
Article URL: https://english.elpais.com/science-tech/2024-11-11/what-science-reveals-about-our-tendency-toward-corruption.html
Comments URL: https://news.ycombinator.com/item?id=42114852
Points: 2
# Comments: 0
How to increase user engagement in your Low Code App
Article URL: https://www.weavy.com/blog/10-ways-to-increase-user-engagement-in-your-low-code-app
Comments URL: https://news.ycombinator.com/item?id=42114848
Points: 1
# Comments: 0
Effective defenses against malware and other threats
Article URL: https://discussions.apple.com/docs/DOC-8841
Comments URL: https://news.ycombinator.com/item?id=42114844
Points: 1
# Comments: 0
Fortinet Releases Security Updates for Multiple Products
Fortinet has released security updates to address vulnerabilities in multiple products, including FortiOS. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.
CISA encourages users and administrators to review the following advisories and apply necessary updates:
Microsoft Releases November 2024 Security Updates
Microsoft released security updates to address vulnerabilities in multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.
CISA encourages users and administrators to review the following and apply necessary updates:
Adobe Releases Security Updates for Multiple Products
Adobe released security updates to address multiple vulnerabilities in Adobe software. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.
CISA encourages users and administrators to review the following Adobe Security Bulletins and apply the necessary updates:
- Security update available for Adobe Bridge | APSB24-77
- Security update available for Adobe Audition | APSB24-83
- Security update available for Adobe After Effects | APSB24-85
- Security update available for Adobe Substance 3D Painter | APSB24-86
- Security update available for Adobe Illustrator | APSB24-87
- Security update available for Adobe InDesign | APSB24-88
- Security update available for Adobe Photoshop | APSB24-89
- Security update available for Adobe Commerce | APSB24-90
Ivanti Releases Security Updates for Multiple Products
Ivanti released security updates to address vulnerabilities in Ivanti Endpoint Manager (EPM), Ivanti Avalanche, Ivanti Connect Secure, Ivanti Policy Secure, and Ivanti Security Access Client.
CISA encourages users and administrators to review the following Ivanti security advisories and apply the necessary guidance and updates:
CISA Adds Five Known Exploited Vulnerabilities to Catalog
CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
- CVE-2021-26086 Atlassian Jira Server and Data Center Path Traversal Vulnerability
- CVE-2014-2120 Cisco Adaptive Security Appliance (ASA) Cross-Site Scripting (XSS) Vulnerability
- CVE-2021-41277 Metabase GeoJSON API Local File Inclusion Vulnerability
- CVE-2024-43451 Microsoft Windows NTLMv2 Hash Disclosure Spoofing Vulnerability
- CVE-2024-49039 Microsoft Windows Task Scheduler Privilege Escalation Vulnerability
These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.
Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
JCDC’s Collaborative Efforts Enhance Cybersecurity for the 2024 Olympic and Paralympic Games
The Cybersecurity and Infrastructure Security Agency (CISA), through the Joint Cyber Defense Collaborative (JCDC), enabled proactive coordination and information sharing to bolster cybersecurity ahead of the 2024 Olympic and Paralympic Games in Paris. Recognizing the potential for cyber threats targeting the Games, CISA worked to strengthen U.S. private sector ties and facilitate connections with key French counterparts to promote collective defense measures.
Utilizing its role as a key facilitator between public and private sector partners, JCDC established monitoring channels and launched cyber threat information-sharing forums to prepare for significant incidents. Throughout the Games, JCDC industry partners remained vigilant, promptly alerting CISA to any potential impacts on Olympic and Paralympic activities. This allowed CISA to provide prompt updates and share critical information with the French Agence Nationale de la Sécurité des Systèmes d'Information to aid swift response efforts.
This collaboration underscores JCDC’s essential role in uniting global partners to defend against cyber challenges that threaten national security and international events. The partnership highlights the value of voluntary information sharing to build trust and strengthen the protection of critical infrastructure in an evolving threat landscape. For more information about JCDC’s initiatives, visit the JCDC Success Stories webpage and CISA.gov/JCDC.
Citrix Releases Security Updates for NetScaler and Citrix Session Recording
Citrix released security updates to address multiple vulnerabilities in NetScaler ADC, NetScaler Gateway, and Citrix Session Recording. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.
CISA encourages users and administrators to review the following and apply necessary updates:
CISA Releases Five Industrial Control Systems Advisories
CISA released five Industrial Control Systems (ICS) advisories on November 12, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
- ICSA-24-317-01 Subnet Solutions PowerSYSTEM Center
- ICSA-24-317-02 Hitachi Energy TRO600
- ICSA-24-317-03 Rockwell Automation FactoryTalk View ME
- ICSA-23-306-03 Mitsubishi Electric MELSEC Series (Update A)
- ICSA-23-136-01 Snap One OvrC Cloud (Update A)
CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.
CISA, FBI, NSA, and International Partners Release Joint Advisory on 2023 Top Routinely Exploited Vulnerabilities
Today, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), and international partners released a joint Cybersecurity Advisory, 2023 Top Routinely Exploited Vulnerabilities.
This advisory supplies details on the top Common Vulnerabilities and Exposures (CVEs) routinely exploited by malicious cyber actors and their associated Common Weakness Enumeration(s) (CWE) to help organizations better understand the impact of exploitation. International partners contributing to this advisory include:
- Australian Signals Directorate’s Australian Cyber Security Centre
- Canadian Centre for Cyber Security
- New Zealand National Cyber Security Centre and New Zealand Computer Emergency Response Team
- United Kingdom’s National Cyber Security Centre
The authoring agencies urge all organizations to review and implement the recommended mitigations detailed in this advisory. The advisory provides vendors, designers, and developers with a guide for implementing secure by design and default principles and tactics to reduce the prevalence of vulnerabilities in their software, and provides end-user organizations with mitigations. Following this guidance will help reduce the risk of compromise by malicious cyber actors.
Vendors and developers are encouraged to take appropriate steps to provide products that protect their customers’ sensitive data. To learn more about secure by design principles and practices, visit CISA’s Secure by Design.