November 27, 2024 | International, C4ISR, Security

Critical WordPress Anti-Spam Plugin Flaws Expose 200,000+ Sites to Remote Attacks

Critical flaws in CleanTalk’s WordPress plugin allow remote code execution; update to secure your site.

https://thehackernews.com/2024/11/critical-wordpress-anti-spam-plugin.html

On the same subject

  • Cyber Command will get a new version of its training platform this fall

    July 9, 2020 | International, C4ISR, Security

    Mark Pomerleau

    U.S. Cyber Command's new training platform is slated to deliver its second iteration this fall, providing additional capabilities and user capacity, program officials said.

    The Persistent Cyber Training Environment (PCTE) is an online client that allows Cyber Command's warriors to log on from anywhere in the world to conduct individual or collective cyber training as well as mission rehearsal. The program is being run by the Army on behalf of the joint cyber force and Cyber Command.

    Officials delivered the first version of the program to Cyber Command in February, and the environment was used for the first time in Cyber Command's premier annual tier 1 exercise, Cyber Flag, in June.

    The second version is expected to include additional capabilities, including allowing more users to conduct team or individual training.

    “Things like to be able to schedule, have a calendar to be able to auto-schedule things, to be able to allocate resources because right now it's you can get in and you can do it but how do you deconflict? If you're running a team based event across x number of services how does somebody else come in and do an individual training,” Amit Kapadia, chief engineer for the program, told C4ISRNET in an interview. “Do you have the right infrastructure underneath?”

    Kapadia added that during the COVID-19 pandemic there was a surge in platform use due to remote working; thus, by the end of this year, the program seeks to push additional compute and network capabilities.

    Leaders are targeting final testing in September and then a rollout in late fall for version 2.0.

    The program has also sought to deliver incremental capability along the way through what it calls cyber innovation challenges. These are competitions to award and layer new technologies onto the platform. A notice informing industry of the fourth such innovation challenge was released recently.

    Officials told C4ISRNET they expect to release a formal solicitation around August, with plans to award contracts by the end of the year or early next year. The officials noted that, just like with the previous innovation challenges, there could be multiple vendors awarded, specifically non-traditional defense vendors.

    Moreover, they also anticipate continuing these challenges for the foreseeable future, even when a vendor is selected to be the integrator for PCTE through what's known as the Cyber Training, Readiness, Integration, Delivery and Enterprise Technology (TRIDENT), a contract vehicle to offer a more streamlined approach for procuring the military's cyber training capabilities. The contract is valued at up to $957 million.

    This approach, officials said, prevents vendor lock and ensures the program is at the tip of the technological spear.

    The fourth cyber innovation challenge seeks to ask industry for assistance in traffic generation – which means emulating fake internet traffic on the platform – and assessment, which was a key requirement directly from Cyber Command.

    “I would say what we've been driven towards right now are high priorities coming down from [Cyber Command commander] Gen. [Paul] Nakasone and Cyber Command for things like CMF assessment,” Kapadia said. “They want to be able now ... all these reps and sets that are happening within PCTE, how am I assessing the performance of the individuals in my teams.”

    An integrated and agile approach

    Since the platform was delivered to Cyber Command in February, command leaders have officially taken the burden of running training exercises from the program office, freeing it up to focus on pursuing new technologies and fixes as well as the overall acquisition.

    In the past, the program office worked with specific units to conduct training events in order to stress the platform and gain valuable feedback. Now, Cyber Command has created what is called the Joint Cyber Training Enterprise, which is the non-material companion to the PCTE platform and seeks to operate and synchronize training hosted by PCTE for the joint force.

    “The JCTE is a lot like the combat training center ops group where they are managing the platform, they are running the platform, they are running the training,” Lt. Col. Thomas Monaghan, product manager of cyber resiliency and training at Program Executive Office Simulation, Training and Instrumentation, told C4ISRNET. “So we delivered the platform to them and they're using it I would probably say on a weekly basis. They're doing cyber training events that we don't manage that anymore. We don't stand them up. The platform is being used, we're able to concentrate on specific capability, platform enhancements.”

    JCTE has formalized the cyber training and use of the environment while also coordinating which cyber mission force units need to conduct which types of training, something the program office wasn't equipped to do.

    Monaghan said his office is in almost hourly, or at least daily, contact with JCTE to better understand what users like, don't like or what needs to be fixed.

    “We've got the program office, we've got the user community, we've got the operational arm of the user community, which is JCTE, we've got the Army capability manager codifying the requirements all working together. We literally talk to each other at least daily,” Monaghan said. “That direct feedback loop is one continuous circle of information. That's the only way a program this robust can be successful.”

    Program officials said they gained valuable insights from the recently concluded Cyber Flag, which created roughly six months' worth of data. They explained that while not every element worked exactly as planned, the nature of the program allows for incremental and ongoing adjustments to be made.

    By leveraging specific flexible acquisition tools, the program is not as rigid as other typical military platforms, such as tanks.

    “It's a perfect one for PCTE because it created that box basically saying in laymen's terms we have no idea what this specifically looks like but we have some eye level things that it should do,” Liz Bledsoe, deputy product manager, told C4ISRNET, regarding the types of acquisition mechanisms PCTE is being run under.

    Monaghan added: “That's the way the platform and the program were structured when the requirements were written, some of them were listed as evolving or threat based or capability ... They're ever evolving, ever enhancing based off the needs of the cyber mission force.”

    https://www.c4isrnet.com/cyber/2020/07/07/cyber-command-will-get-a-new-version-of-its-training-platform-this-fall/

  • US Navy supercarrier John C. Stennis is headed for a complex overhaul

    August 15, 2018 | International, Naval

    By: David B. Larter

    WASHINGTON — Huntington Ingalls Newport News is gearing up to start a yearslong overhaul of the U.S. Navy carrier John C. Stennis, which is shifting home ports from Washington state to Norfolk to get ready for its break from the rotation.

    The company announced last week it had inked a $187.5 million contract for advanced planning to support Stennis' refueling and complex overhaul, or RCOH, slated to begin in 2021. The contract is for “engineering, design, material procurement and fabrication, documentation, resource forecasting, and pre-overhaul inspections,” according to the announcement.

    In a statement, HII's head of carrier maintenance said the contract was a critical first step toward getting Stennis started out right.

    Full Article: https://www.defensenews.com/naval/2018/08/14/us-navy-supercarrier-john-c-stennis-headed-for-layup/

  • Safran keeps its goal of the Patroller entering operational service in 2021

    March 3, 2020 | International, Aerospace

    By Michel Cabirol

    Safran is keeping its goal of the Patroller entering operational service in 2021. The French Army, for its part, is more doubtful.

    The bet is ambitious, even audacious, but why not... After the crash in early December of a Patroller drone shortly before its delivery to the Army, Safran chief executive Philippe Petitcolin has the "objective of not impacting the entry into operational service (of the Patroller drone, editor's note) in 2021," he explained on Thursday during the presentation of Safran's 2019 results. After quickly finding the fault (a failed subsystem), Safran was able to continue testing the Patroller with a pilot on board (an aircraft converted into a drone), since it is derived from the carbon airframe built by the German manufacturer Stemme. The Patroller was originally expected to reach the armed forces at the end of 2018.

    A compromised schedule?

    Within the Army, people remain more cautious, even pessimistic, about the schedule for deploying the Patroller on operations in 2021 following the crash, all the more so because the schedule was already tight. "There is a need to revisit certain non-major developments," La Tribune was told. As a result, the Patroller must not only be delivered to the Army but also mastered by the crews and the maintenance teams. In conclusion, the schedule appears "compromised," it is estimated.

    In addition, what Safran does not control is the length of the safety investigation by the BEA-É, the accident investigation bureau for state aviation safety (formerly BEAD-air). Asked by La Tribune, the BEA-É, which has 11 investigators, said the investigation was progressing "at a normal pace" without "difficulty." BEA-É investigations take less than a year, between nine and ten months on average. It is also investigating the helicopter accident in Mali that killed 13 French soldiers in late November.

    A first system was to be handed over to the Army

    The crash in the commune of Saint-Mitre-les-Remparts near Istres (Bouches-du-Rhône), which caused no casualties, occurred during a test flight conducted from Air Base 125 at Istres ahead of its delivery to the Army. The tactical drone was being operated by Safran Electronics & Defense teams. "Investigations are under way to determine the causes of this incident," Safran Electronics & Defense, which is developing the Patroller on behalf of the Army, had said in its immediate reaction.

    The first system (5 aircraft and two ground stations) was to be handed over to the Army by the end of the year, and the Army was to put the Patroller into service in early 2020. A second system was to be delivered in 2020. In total, the Army is to receive five systems and twenty-eight tactical drones of this type by 2030, according to the former Army chief of staff, General Jean-Pierre Bosser.

    The Patroller will be the Army's "Rolls." Equipped with a state-of-the-art gyrostabilized optronic ball, this tactical drone is intended to meet intelligence missions for the Army's tactical units by giving them a surveillance, acquisition, reconnaissance and intelligence (SA2R) capability. This observation system is able to detect, identify and locate, by day and by night, in a field of view reaching almost 360°, all observed elements at a range of 150 km (14 hours of endurance).

    https://www.latribune.fr/entreprises-finance/industrie/aeronautique-defense/safran-garde-l-objectif-d-une-entree-en-service-operationnel-du-patroller-en-2021-840810.html
