Latest News

More than half of attacks on Indian businesses come from outside the country, while 45% of those targeting consumers come from Cambodia, Myanmar, and Laos.

Microsoft today issued security updates to fix at least 56 vulnerabilities in its Windows operating systems and supported software, including two zero-day flaws that are being actively exploited.

In a letter to a US senator, a Florida-based data broker says it obtained sensitive data on US military members in Germany from a Lithuanian firm, revealing the global nature of online ad surveillance.

The Temporal api-go library prior to version 1.44.1 did not send `update response` information to Data Converter when the proxy package within the api-go module was used in a gRPC proxy prior to transmission. This resulted in information contained within the `update response` field not having Data Converter transformations (e.g. encryption) applied. This is an issue only when using the UpdateWorkflowExecution APIs (released on 13th January 2025) with a proxy leveraging the api-go library before version 1.44.1. Other data fields were correctly sent to Data Converter. This issue does not impact the Data Converter server. Data was encrypted in transit. Temporal Cloud services are not impacted.

An issue in Anyscale Inc Ray between v.2.9.3 and v.2.40.0 allows a remote attacker to execute arbitrary code via a crafted script.

The analyst firm recommends defining security and governance processes while reducing friction for business stakeholders.

The combined companies will create a seamless ecosystem of trust, governance, risk, and compliance.

### Impact The search end-point response headers contain information about Elasticsearch software in use. This information is sensitive from a security point of view because it allows software used by the server to be easily identified. ### Patches GeoNetwork 4.4.5 / 4.2.10 ### Workarounds None ### References - [CVE-2024-32037](https://www.cve.org/CVERecord?id=CVE-2024-32037) - [Search service](https://docs.geonetwork-opensource.org/4.4/api/search/) ### Credits - [Ministry of Economic Affairs and Climate Policy](https://www.rijksoverheid.nl/ministeries/ministerie-van-economische-zaken-en-klimaat), The Netherlands.

A CSRF vulnerability has been identified in the ABB Cylon FLXeon series. However, exploitation is limited to specific conditions due to the server's CORS configuration (Access-Control-Allow-Origin: * without Access-Control-Allow-Credentials: true). The vulnerability can only be exploited under the following scenarios: Same Domain: The attacker must host the malicious page on the same domain as the target server. Man-in-the-Middle (MitM): The attacker can intercept and modify traffic between the user and the server (e.g., on an unsecured network). Local Area Network (LAN) Access: The attacker must have access to the same network as the target server. Subdomains: The attacker can host the malicious page on a subdomain if the server allows it. Misconfigured CORS: The server’s CORS policy is misconfigured to allow certain origins or headers. Reflected XSS: The attacker can exploit a reflected XSS vulnerability to execute JavaScript in the context of the target origin.

Privacy, security, and unrestricted access are the promises of a personal VPN. But what does it actually do,…