RSS Live Feed

CVE-2021-37131

Latest 7 days CVE Lists - Wed, 2021/10/27 - 10:15 AM
There is a CSV injection vulnerability in ManageOne, iManager NetEco and iManager NetEco 6000. An attacker with high privilege may exploit this vulnerability through some operations to inject the CSV files. Due to insufficient input validation of some parameters, the attacker can exploit this vulnerability to inject CSV files to the target device.

CVE-2021-38450

Latest 7 days CVE Lists - Wed, 2021/10/27 - 10:15 AM
The affected controllers do not properly sanitize the input containing code syntax. As a result, an attacker could craft code to alter the intended controller flow of the software.

CVE-2011-4124

Latest 7 days CVE Lists - Wed, 2021/10/27 - 10:15 AM
Input validation issues were found in Calibre at devices/linux_mount_helper.c which can lead to argument injection and elevation of privileges.

CVE-2011-4125

Latest 7 days CVE Lists - Wed, 2021/10/27 - 10:15 AM
An untrusted search path issue was found in Calibre at devices/linux_mount_helper.c leading to the ability of unprivileged users to execute any program as root.

Adobe Brings New Creative Cloud Apps To M1 Macs and The Web

Slashdot - Wed, 2021/10/27 - 10:00 AM
During Adobe Max 2021 today, the company announced new features for Creative Cloud's various iPad apps, two more applications running natively on Apple Silicon Macs, and new web versions of some apps, among other things. Ars Technica reports: Adobe said it is adding or improving AI-driven tools across the suite, including an updated Object Selection Tool for Photoshop on Desktop. And some AI tools previously seen in Photoshop, like the Sky Replacement tool, are headed to Lightroom on Mac, iPad, and iPhone for the first time. The iPad version of Photoshop will gain support for RAW images and is getting several new tools and the ability to convert layers into Smart Objects. Illustrator for iPad is getting some improvements, too, most notably the ability to vectorize images and track version history and revert to earlier iterations. Further, After Effects and InDesign are getting Apple Silicon support on recent Macs. It's not all about native applications, though -- Adobe announced this week that it will bring versions of Photoshop and Illustrator to the web. The web versions won't be as robust as the desktop versions, but they will let you make minor edits and provide a way to share and discuss work with colleagues or clients. The apps will allow users to review work and leave comments without launching a native version of Photoshop -- think of it a bit like a stripped-down version of InVision that exists directly inside the Creative Cloud ecosystem. Adobe also said it's launching a system built into Photoshop that can, among other things, "help prove that the person selling an NFT is the person who made it," reports The Verge. "It's called Content Credentials, and NFT sellers will be able to link the Adobe ID with their crypto wallet, allowing compatible NFT marketplaces to show a sort of verified certificate proving the art's source is authentic."

Read more of this story at Slashdot.

Apple's Privacy Rules to Blame For Facebook's Lower Than Expected Quarterly Growth, Says Zuckerberg

Slashdot - Wed, 2021/10/27 - 9:20 AM
Apple's privacy rules are "negatively affecting" Facebook, and its business, Facebook CEO Mark Zuckerberg claimed during its most recent earnings call. MacRumors reports: As a quick refresher, starting with iOS 14.5 and all newer versions of iOS and iPadOS, Apple requires that apps ask for users' permission to track them across other apps and websites. Under the App Tracking Transparency (ATT) framework, the latest change gives users a choice on whether they wish to be tracked for ads or other purposes. [...] Continuing on its anti-Apple's privacy rules campaign, Facebook CEO Mark Zuckerberg was quick to blame Apple for his company's lower than expected growth in the third quarter of the year. Kicking off the earnings call, Zuckerberg said Apple is "negatively affecting" Facebook but that he believes the company will be able to "navigate" the challenges Apple is presenting thanks to its long-term investments. "As expected, we did experience revenue headwinds this quarter, including from Apple's changes that are not only negatively affecting our business, but millions of small businesses in what is already a difficult time for them in the economy. Sheryl and Dave will talk about this more later, but the bottom line is we expect we'll be able to navigate these headwinds over time with investments that we're already making today." While Zuckerberg and the Facebook executive team hold Apple's changes accountable for this quarter's performance, it may also be an asset. Zuckerberg has in the past stated that ATT could ultimately help Facebook, and it's a sentiment he again repeated during the earnings call. Apple's changes, according to Zuckerberg, are making "e-commerce and customer acquisition less effective on the web." Still, Facebook could benefit from the lessened effectiveness as "solutions that allow businesses to set up shop right inside our apps will become increasingly attractive," Zuckerberg added.
Facebook's chief operating officer, Sheryl Sandberg, also criticized Apple and its privacy rules, going as far as to claim that the new rules are negatively impacting Facebook while benefiting Apple's own advertising business: "We've been open about the fact that there were headwinds coming -- and we've experienced that in Q3. The biggest is the impact of Apple's iOS14 changes, which have created headwinds for others in the industry as well, major challenges for small businesses, and advantaged Apple's own advertising business." Despite Facebook facing an avalanche of pressure amid leaked internal documents and scrutiny, Sandberg pointed the finger at Apple for Facebook's lackluster performance this quarter. "Overall, if it wasn't for Apple's iOS 14 changes, we would have seen positive quarter-over-quarter revenue growth," Sandberg said.

The 'Dune' Screenplay Was Written In MS-DOS

Slashdot - Wed, 2021/10/27 - 8:40 AM
An anonymous reader quotes a report from Motherboard: Oscar winning Dune screenwriter Eric Roth banged out the screenplay using the MS-DOS program Movie Master. Roth writes everything using the 30-year-old software. "I work on an old computer program that's not in existence anymore," Roth said in an interview in 2014. "It's half superstition and half fear of change." Roth wrote the screenplay for Dune in 2018 and explained he was still using Movie Master on a Barstool Sports podcast in 2020. That means Dune was written in an MS-DOS program. In the video, he pulled up a DOS window in Windows XP and booted up Movie Master 3.09 on an ancient beige mechanical keyboard. "So now I'm in DOS. Nobody can get on the internet and get this," Roth said. "I have to give them a hard copy. They have to scan it and then put it in their computers and then I have to work through their computer because you can't even email mine or anything. You can't get to it except where it is. It has 40 pages and it runs out of memory." [...] Roth also said the 40 page limit helps him structure his screenplays. "I like it because it makes acts," he said. "I realize if I hadn't said it in 40 pages I'm starting to get in trouble." Another writer to use MS-DOS is George RR Martin, notes Motherboard. He apparently used MS-DOS program WordStar "to slowly write every single Game of Thrones book."

TikTok Tells US Lawmakers It Does Not Give Info To China

Slashdot - Wed, 2021/10/27 - 8:00 AM
During the company's first appearance at a U.S. congressional hearing, TikTok executive Michael Beckerman said it does not give information to the Chinese government and has sought to safeguard U.S. data. Reuters reports: Michael Beckerman, TikTok's head of public policy for the Americas, became the company's first executive to appear before Congress, testifying to a subcommittee of the Senate Commerce Committee. Republicans in particular pressed Beckerman on worries regarding TikTok's stewardship of data on the app's users. Senator Marsha Blackburn, the panel's top Republican, said she is concerned about TikTok's data collection, including audio and a user's location, and the potential for the Chinese government to gain access to the information. Blackburn questioned Beckerman on whether TikTok could resist giving data to China's government if material were to be demanded. "We do not share information with the Chinese government," Beckerman responded. Under questioning by Republican Senator Ted Cruz, Beckerman said that TikTok has "no affiliation" with Beijing ByteDance Technology, a ByteDance entity at which the Chinese government took a stake and a board seat this year. Beckerman also testified that TikTok's U.S. user data is stored in the United States, with backups in Singapore. "We have a world-renowned U.S. based security team that handles access," Beckerman said. Republican Senator John Thune said TikTok is perhaps more driven by content algorithms than even Facebook, as the app is famous for quickly learning what users find interesting and offering them those types of videos. Beckerman said TikTok would be willing to provide the app's algorithm moderation policies in order for the Senate panel to have it reviewed by independent experts.

Microsoft Is Force Installing PC Health Check In Windows 10

Slashdot - Wed, 2021/10/27 - 7:20 AM
Microsoft has begun force installing the PC Health Check application on Windows 10 devices using a new KB5005463 update. BleepingComputer reports: PC Health Check is a new diagnostics tool created by Microsoft and released in conjunction with Windows 11 that provides various troubleshooting and maintenance features. However, its primary use has been to analyze a device's hardware to check if it's compatible with Windows 11. Microsoft says that users who do not want PC Health Check on their system can simply uninstall it using the Settings app. However, readers have told BleepingComputer that they have had to uninstall the application numerous times as the applications keep being reinstalled on the next check for updates. To make matters worse, when attempting to uninstall KB5005463, Windows 10 states that the update is not installed, when that is clearly untrue [...]. BleepingComputer has found a way to block the update from installing PC Health Check on your computer for those who do not want the application installed.

CVE-2020-22864

Latest 7 days CVE Lists - Wed, 2021/10/27 - 7:15 AM
A cross site scripting (XSS) vulnerability in the Insert Video function of Froala WYSIWYG Editor 3.1.0 allows attackers to execute arbitrary web scripts or HTML.

CVE-2021-23877

Latest 7 days CVE Lists - Wed, 2021/10/27 - 7:15 AM
Privilege escalation vulnerability in the Windows trial installer of McAfee Total Protection (MTP) prior to 16.0.34_x may allow a local user to run arbitrary code as the admin user by replacing a specific temporary file created during the installation of the trial version of MTP.

CVE-2021-41866

Latest 7 days CVE Lists - Wed, 2021/10/27 - 7:15 AM
MyBB before 1.8.28 allows stored XSS because the displayed Template Name value in the Admin CP's theme management is not escaped properly.

FBI Raids Chinese Point-of-Sale Giant PAX Technology

Slashdot - Wed, 2021/10/27 - 6:40 AM
An anonymous reader quotes a report from KrebsOnSecurity: U.S. federal investigators today raided the Florida offices of PAX Technology, a Chinese provider of point-of-sale devices used by millions of businesses and retailers globally. KrebsOnSecurity has learned the raid is tied to reports that PAX's systems may have been involved in cyberattacks on U.S. and E.U. organizations. Headquartered in Shenzhen, China, PAX Technology Inc. has more than 60 million point-of-sale terminals in use throughout 120 countries. Earlier today, Jacksonville, Fla. based WOKV.com reported that agents with the FBI and Department of Homeland Security (DHS) had raided a local PAX Technology warehouse. In an official statement, investigators told WOKV only that they were executing a court-authorized search at the warehouse as a part of a federal investigation, and that the inquiry included the Department of Customs and Border Protection and the Naval Criminal Investigative Services (NCIS). Several days ago, KrebsOnSecurity heard from a trusted source that the FBI began investigating PAX after a major U.S. payment processor started asking questions about unusual network packets originating from the company's payment terminals. According to that source, the payment processor found that the PAX terminals were being used both as a malware "dropper" -- a repository for malicious files -- and as "command-and-control" locations for staging attacks and collecting information. The source said two major financial providers -- one in the United States and one in the United Kingdom -- had already begun pulling PAX terminals from their payment infrastructure, a claim that was verified by two different sources. The source was unable to share specific details about the strange network activity that prompted the FBI's investigation. But it should be noted that point-of-sale terminals and the technology that supports them are perennial targets of cybercriminals.

[$] Android wallpaper fingerprints

lwn.net - Wed, 2021/10/27 - 6:28 AM
Uniquely identifying users so that they can be tracked as they go about their business on the internet is, sadly, a major goal for advertisers and others today. Web browser cookies provide a fairly well-known avenue for tracking users as they traverse various web sites, but mobile apps are not browsers, so that mechanism is not available. As it turns out, though, there are ways to "fingerprint" Android devices—and likely those of other mobile platforms—so that the device owners can be tracked as they hop between their apps.

Photoshop Will Get a 'Prepare as NFT' Option Soon

Slashdot - Wed, 2021/10/27 - 5:58 AM
Adobe is launching a system built into Photoshop that can, among other things, help prove that the person selling an NFT is the person who made it. It's called Content Credentials, and NFT sellers will be able to link the Adobe ID with their crypto wallet, allowing compatible NFT marketplaces to show a sort of verified certificate proving the art's source is authentic. From a report: According to a Decoder interview with Adobe's chief product officer Scott Belsky, this functionality will be built into Photoshop with a "prepare as NFT" option, launching in preview by the end of this month. Belsky says attribution data created by the Content Credentials will live on an IPFS system. IPFS (InterPlanetary File System) is a decentralized way to host files where a network of people are responsible for keeping data safe and available, rather than a single company (somewhat similar to how torrent systems work). Adobe says that NFT marketplaces like OpenSea, Rarible, KnownOrigin, and SuperRare will be able to integrate with Content Credentials to show Adobe's attribution information.

CVE-2019-3556

Latest 7 days CVE Lists - Wed, 2021/10/27 - 5:15 AM
HHVM supports the use of an "admin" server which accepts administrative requests over HTTP. One of those request handlers, dump-pcre-cache, can be used to output cached regular expressions from the current execution context into a file. The handler takes a parameter which specifies where on the filesystem to write this data. The parameter is not validated, allowing a malicious user to overwrite arbitrary files where the user running HHVM has write access. This issue affects HHVM versions prior to 4.56.2, all versions between 4.57.0 and 4.78.0, as well as 4.79.0, 4.80.0, 4.81.0, 4.82.0, and 4.83.0.

150 People Arrested in International Darknet Opioid Probe

Slashdot - Wed, 2021/10/27 - 5:10 AM
Some 150 people were arrested worldwide and more than $31.6 million in cash and virtual currencies were seized during a 10-month international investigation into opioid trafficking through darknet marketplaces, the Department of Justice announced Tuesday. From a report: The massive probe, called "Operation Dark HunTor," spanned three continents and led to the recovery of about 234 kilograms (over 500 pounds) of illegal drugs, including enough fentanyl to cause more than 4 million lethal doses, according to deputy attorney general Lisa Monaco. A darknet is encrypted online content that can only be accessed with specific browsers and is primarily used to purchase or sell illegal goods or services, especially illegal drugs. 65 people were arrested in the United States, one in Bulgaria, three in France, 47 in Germany, four in the Netherlands, 24 in the United Kingdom, four in Italy and two in Switzerland. Prosecutors allege the suspects were responsible for tens of thousands of illegal sales across the U.S., Europe and Australia.

AT&T's Confusing 5G Plus Expansion Confirms T-Mobile Was Right All Along

Slashdot - Wed, 2021/10/27 - 4:27 AM
AT&T's new 5G Plus expansion gives T-Mobile the perfect "I told you so" moment. From a report: AT&T currently offers two "flavors" of 5G: 5G Plus over the high-band mmWave spectrum and regular 5G, which is comparable to 4G LTE. Now, a blog post details that AT&T is bolstering 5G Plus with the mid-band C-band spectrum in 2022 -- a concept that T-Mobile has been preaching for years. Former T-Mobile CEO John Legere slammed AT&T for not having a mid-band spectrum in 2019, stating that 5G needs a low-band, mid-band, and high-band spectrum to work efficiently. This is because high-band mmWave 5G offers the fastest speeds over shorter distances, making it best for highly concentrated areas. Conversely, low-band 5G provides the bare minimum for speed over wider areas. Offering 5G service with no in-between isn't ideal -- a mid-band range serves as the median between both spectrums.

'Dune' Sequel Greenlit by Legendary and Warner Bros.

Slashdot - Wed, 2021/10/27 - 3:49 AM
Denis Villeneuve will get the chance to create the second film of his planned two-part adaptation of Frank Herbert's "Dune," Legendary Entertainment and Warner Bros. said Tuesday. From a report: The news comes after Villeneuve's "Dune" tallied $41 million at the domestic box office during its debut over the weekend, a solid haul considering the film also launched on HBO Max Friday. Globally, the film hauled in $220 million. While Warner Bros. seemed keen to greenlight a second film for Villeneuve, Legendary owns the cinematic rights to the novel and had to be onboard in order to continue the story on the big screen. The second film is expected to follow Paul Atreides (Timothee Chalamet) as he joins the Fremen and works to bring peace to the desert planet of Arrakis. "Dune: Part Two" will debut on Oct. 20, 2023.

Astronomers Spot First Possible Exoplanet Outside Our Galaxy

Slashdot - Wed, 2021/10/27 - 3:05 AM
A possible Saturn-sized planet identified in the distant Whirlpool Galaxy could be the first exoplanet to be detected outside the Milky Way. From a report: The exoplanet candidate appears to be orbiting an X-ray binary -- made up of a normal star and a collapsed star or black hole -- with its distance from this binary roughly equivalent to the distance of Uranus from the sun. The discovery opens up a new window to search for exoplanets -- planets orbiting stars beyond our Sun -- at greater distances than ever before. Although nearly 5,000 exoplanets have been detected so far, all of them are in the Milky Way galaxy -- with few further than about 3,000 light years from Earth. An exoplanet in the spiral Messier 51 (M51) galaxy -- also called the Whirlpool Galaxy because of its distinctive shape -- would be about 28m light years away. Dr Rosanne Di Stefano of the Center for Astrophysics at Harvard and Smithsonian in Cambridge, US, who led the research, said: "Since the 1750s, it has been conjectured that the dim distant nebulas, now called galaxies, are island universes: large, gravitationally-bound stellar populations similar to our home, the Milky Way. Our discovery of the planet candidate ... gives us the first peek into external populations of planetary systems, extending the reach of planet searches to distances roughly 10,000 times more distant."
