Agregátor RSS

Frigate NVR 0.16.3 - Remote Code Execution

Js2Py 0.74 - RCE

Camaleon CMS v2.9.0 - Path Traversal

Cybersecurity AI (CAI) Framework 0.5.10 - Command Injection

Erugo 0.2.14 - Remote Code Execution (RCE)

deephas 1.0.7 - Prototype Pollution

SUSE Manager 4.3.15 - Code Execution

Od úterý 28. dubna musí nově uváděné notebooky v Evropské unii podporovat nabíjení přes USB-C. Jednotná nabíječka byla schválena Evropským parlamentem v říjnu 2022.

Studie, která se snaží porovnávat srovnatelné systémy, ve kterých figuruje třetí pilíř, poukázala na dobrou výkonnost penzijních společností, ale vyšší úroveň poplatků.

Multiple official SAP npm packages were compromised in what is believed to be a TeamPCP supply-chain attack to steal credentials and authentication tokens from developers' systems. [...]

The Quick Page/Post Redirect plugin, installed on more than 70,000 WordPress sites, had a backdoor added five years ago that allows injecting arbitrary code into users' sites. [...]

Byly publikovány informace o kritické zranitelnosti CVE-2026-31431 pojmenované Copy Fail v Linuxu, konkrétně v kryptografii (AF_ALG). Běžný uživatel může získat práva roota (lokální eskalaci práv). Na všech distribucích Linuxu vydaných od roku 2017. Pomocí 732bajtového skriptu. V upstreamu je již opraveno. Zranitelnost byla nalezena pomocí AI Xint Code.

Přehled březnových vydání Jaderných novin: stav vydání jádra, citáty týdne a seznam článků týkajících se jádra.

Zaměstnankyně způsobila požár a přisvojila si peníze i majetek zaměstnavatele. Smí takový dluh vymáhat firma, na kterou byl postoupen?

O předchozích verzích jsem napsal, že změny byly primárně interní. Devatenáctka je jiná. Tam je viditelných změn opravdu hodně. Nová verze je pelmelem nových funkcí a různých vylepšení, menších nebo větších.

Dnes se zaměříme na popis techniky nazvané dynamický výběr (dynamic dispatch) v Pythonu. Ve standardní knihovně je podporován single dispatch, a to jak pro funkce, tak i pro metody. Rozšířením této techniky vzniká multiple dispatch.

AI datové centrum Stratos, které vznikne v Utahu, dostalo zelenou od regulačních orgánů. 9GW řešení bude napájené výlučně z vlastních zdrojů navýší energetickou výrobu v zemi více než na trojnásobek…

Do Japonska se valí davy turistů. Problém je, že Japonsku dochází pracovní síla a zahraniční zaměstnanci přinášejí spoustu dalších komplikací. Řešením by se mohli stát humanoidi. Na letitě Haneda již letos v květnu nastupují do zkušebního provozu humanoidu G1 čínských Unitree. Kdy se asi nějací objeví i u nás?

Hackers are exploiting two authentication bypass vulnerabilities in the Qinglong open-source task scheduling tool to deploy cryptominers on developers' servers. [...]

GPS spoofing, which sends fake satellite-like signals, and GPS jamming, which drowns receivers in noise, are increasingly serious problems. Researchers at Oak Ridge National Laboratory in Tennessee have created what they say is the most effective system yet for detecting GPS interference, which could help blunt such attacks. ORNL said Wednesday that a group of boffins led by researcher Austin Albright has developed a new portable device that can detect both spoofing, which sends fake signals that mimic GPS satellite signals to provide bad location data, and jamming, which simply floods GPS receivers with noise. The device can operate from a vehicle to detect attacks on commercial trucks and warn drivers, the lab said, and tests with the US Department of Homeland Security suggest it's sensitive enough to outperform industry-developed systems that already exist.  That sensitivity would be notable enough, but ORNL said that the device is able to do something else that no known GPS interference detector can: It's able to detect spoofing even when fake and real signals are equally strong.  The ORNL device also operates entirely independently of GPS: It doesn't even have a GPS-specific receiver or knowledge of expected GPS signals, according to the lab. Instead, it consists of just a couple of well-known pieces of equipment, namely a software-defined radio and an embedded GPU, and what ORNL said is a new mathematical radio frequency analysis method to separate legit signals from malicious ones. The GPU's role is simply to perform the math in real time to detect spoofs or jams.  "Trucking needs a solution that works without special conditions or dependence on a trusted reference source," Albright said of the new device in ORNL's writeup. "Ours is the best in the world."  With the successful testing of the device completed, Albright and his team are now looking at ways to make the thing cheaper to produce, which we can imagine might include replacing the GPU with something less in-demand by the AI industry.  GPS spam: Not just a problem for planes We've reported plenty on GPS spoofing and jamming at The Register, but most of our writing on the topic has focused on aviation, with issues like GPS spoofing rampant at multiple airports in India, disrupting a flight carrying European Commission President Ursula von der Leyen, and generally rising to the level of being a serious flight safety concern for aviators around the world.  ORNL acknowledged the problem of GPS interference in aviation in its writeup, and while the device could potentially help detect attacks against aircraft, the lab’s immediate focus appears to be protecting truckers moving goods across the US. As an example, ORNL pointed to an incident last year in which two tractor-trailer loads of tequila from a brand co-founded by celebrity chef and Flavortown mayor Guy Fieri and former Van Halen singer Sammy Hagar were stolen. GPS spoofing was used during the crime to keep those waiting for the estimated 24,000 bottles from getting suspicious that the trucks weren't on course.  Some of the booze was eventually recovered in California (it was supposed to be delivered to Pennsylvania), but not before Fieri said the company had to lay people off due to the losses.  While stolen tequila is bad, the same attacks could also be used to waylay or misdirect shipments carrying everything from personal packages to nuclear materials and other essential goods. "Everyone uses cargo monitoring with GPS tracking, whether for your personal packages, your pizza, or nuclear materials," Albright said, adding that the device would act like any other sort of alarm to alert a driver that something's amiss.  "Like a carbon monoxide alarm alerts you to an invisible danger, spoofing detection is critical to alerting us to a new invisible danger," Albright said. Drivers with one of the ORNL devices, for example, could get an alert, "know something bad is happening and call someone," potentially protecting the driver, their shipment, and people who would be harmed by its loss.  We reached out to ORNL to learn more about the future of the project, but the lab wasn't able to meet our deadline. ®