Author: Admin

July 25, 2024Information hallContainer Security / Vulnerability Docker warns of a critical flaw affecting some versions of the Docker Engine that could allow an attacker to bypass authorization plugins (AuthZ) under certain circumstances. Tracked as CVE-2024-41110the bypass and elevation of privilege vulnerability has a CVSS score of 10.0, indicating maximum severity. “An attacker could exploit a workaround by using an API request with a content-length set to 0, causing the Docker daemon to redirect the request without a body to the AuthZ plugin, which could validate the request incorrectly,” the Moby project said in an advisory. Docker said the problem…

Introduction Almaida Askandar, one of the founders of IABF Law Group (2003), obtained her law degree from the University of Indonesia (business law). She is fluent in both Indonesian and English. Askandar’s professional experience extends across a number of major capital markets law firms in Jakarta. She has particular expertise in advising on capital markets and securities; corporate and commercial law; M&A; anti-trust; along with litigation court practices and bankruptcy. Askandar is a licensed capital markets lawyer, along with being a registered consultant for Commercial Paper Transaction at Money Market (Lembaga Pendukung Pasar Uang yang Melakukan Kegiatan terkait Surat Berharga…

A zero-day security issue in the Telegram mobile app for Android called EvilVideo has made it possible for attackers to access malicious files disguised as harmless-looking videos. The exploit appeared for sale at an unknown price on an underground forum on June 6, 2024, ESET said. After a responsible disclosure on June 26, the problem was resolved by Telegram in version 10.14.5, released on July 11. “Attackers can share malicious Android payloads through Telegram channels, groups, and chat and make them appear as multimedia files,” — Lukasz Stefanka, security researcher. said in the report. The payload is believed to be…

BEIJING, Jan. 31 (Xinhua) — In 2008, the year China hosted the Summer Olympic Games, the Beijing-Tianjin Intercity Railway was put into operation, unveiling a fast-expanding modern high-speed railway (HSR) network in the world’s second-largest economy.A “Fuxing” high-speed train runs on the Beijing-Tianjin Intercity Railway in Beijing, capital of China, Jan. 25, 2019. (Xinhua/Xing Guangli)The first train of the Beijing-Tianjin Intercity Railway departs from Beijing South Railway Station in Beijing, capital of China, Aug. 1, 2008. (Xinhua/Gong Lei) A driver works on a train running on the Beijing-Tianjin Intercity Railway on Aug. 1, 2008. (Xinhua) A passenger displays a ticket on a…

Security questionnaires aren’t just an inconvenience – they’re a constant challenge for security and sales departments. They take time out of organizations by filling the schedules of professionals with monotonous, automated work. But what if there was a way to reduce or even eliminate security questionnaires altogether? The main problem is not the lack of great questionnaires, but the questionnaires themselves. At SafeBase, we’re not just about transparency—it’s at the heart of everything we do, from how we build our products to how we communicate about them. In the spirit of transparency, in this part we will talk about ours…

Dark/Light Mode (22/07/24)  Mandarin Oriental has signed a management agreement with Harmoni Bali for a luxurious hideaway resort with private residences in Bali, Indonesia. Scheduled to open in 2027, the property will be located in Bali’s southern Bukit peninsula, approximately 30 minutes from I Gusti Ngurah Rai International Airport (DPS) as well as the popular tourist destinations of Jimbaran, Uluwatu and Sanur. Perched on a cliffside plateau of elevated terraces, the Mandarin Oriental Bali will offer dramatic panoramic views of the Indian Ocean’s azure waters, with direct access to a secluded and protected white-sand beach. Mandarin Oriental Bali is scheduled…

July 24, 2024Information hallCyber ​​espionage / threat intelligence A threat actor known as Patchwork has been linked to a cyber attack targeting entities linked to Bhutan to deliver Brute Ratel C4 and an updated version of the backdoor called PGoShell. This development marks the first time an adversary has been spotted using software for the red team, the Knownsec 404 team said in an analysis published last week. The activist group, also known as APT-C-09, Dropping Elephant, Operation Hangover, Viceroy Tiger and Zinc Emerson, is a state-sponsored actor believed to be of Indian origin. The hacking team, known for conducting…

July 24, 2024Hacker newsSaaS Management / IT Management One simple factor is behind today’s explosion of SaaS adoption: productivity. We’ve reached an era where there are purpose-built tools for almost every aspect of modern business, and it’s incredibly easy (and tempting) for your employees to adopt these tools without going through a formal IT approval and procurement process. But this trend has also increased the attack surface, and with it security and governance issues that are still seen as 100% the responsibility of IT and security departments. IT security leaders need scalable solutions Discovering SaaS and managing this ever-expanding attack…

Indonesia ranks number 25 out of 131 countries globally in exploration and production (E&P) which refers to investment attractiveness to oil and gas exploration and production in 2018, according to Petroleum Economics and Policy Solutions’ (PEPS) report. The ranks also put Indonesia in the top list among ASEAN countries. Deputy Energy and Mineral Resources (ESDM) Minister Arcandra Tahar said that the report showed that Indonesia’s oil and gas management has successfully encouraged investment in the sector. “It is also related to the efforts to improve fiscal policies on oil and gas sector,” the Deputy Minister said in Jakarta, Thursday (14/2).…

July 24, 2024Information hallSoftware update / IT failure Cybersecurity firm CrowdStrike on Wednesday blamed a problem in its verification system that caused millions of Windows devices to crash as part of widespread blackout at the end of last week. “On Friday, July 19, 2024 at 04:09 UTC, as part of regular operations, CrowdStrike released a content configuration update for the Windows sensor to collect telemetry data about possible new threat methods,” the company said in a statement. said in its preliminary post-incident review (PIR). “These updates are a regular part of the dynamic protection mechanisms of the Falcon platform. A…