Latest news with #SSRF

CleanJoule's SpaceSAF Successfully Fuels a Rotating Detonation Rocket Engine

Business Wire

9 hours ago

  • Business
  • Business Wire

PARIS--(BUSINESS WIRE)--In a first-of-its-kind test, CleanJoule's high-performance alternative rocket fuel, SpaceSAF, was successfully used to power a Rotating Detonation Rocket Engine (RDRE) developed by Venus Aerospace, marking a major validation of next-generation fuel compatibility with cutting-edge propulsion systems. The ground test was conducted at Venus's Houston-based test site and represents a significant step forward in expanding the operational flexibility of RDRE technology across dual-use missions. 'Without affordable, domestically-produced alternative fuels, the financial and environmental costs of space missions become unsustainable,' said Mukund Karanjikar, CEO and founder, CleanJoule. 'The successful detonation of an RDRE utilizing SpaceSAF proves that alternative fuels can deliver for both performance and emissions needs in commercial and defense applications.' SpaceSAF is a drop-in replacement for liquid (RP-1 & RP-2) rocket fuels that improves mission performance including increasing payload and distance. From the same base material used to produce SpaceSAF, CleanJoule also produces a sustainable solid rocket fuel (SSRF) for use as a superior performance, drop-in replacement for existing solid rocket motors. This milestone comes at a critical time with an ecosystem emerging that is focused on expanding access to space across satellite deployment, exploration, and defense systems. As more frequent launches drive up related CO2 emissions, the need for performant alternatives to conventional rocket fuels is urgent. 'This test helps advance an important conversation in aerospace: how to pair next-gen propulsion with alternative fuels that don't compromise on performance,' said Nick Cardwell, VP of Product and Advanced Concepts, Venus Aerospace.
'CleanJoule's work on high-performance, low-emissions fuels contributes meaningfully to an evolving space and defense ecosystem, and we're pleased to see their product perform under real operational conditions.'

About CleanJoule

CleanJoule Inc., headquartered in Salt Lake City, Utah, is an advanced fuels company that enhances performance across commercial and defense aerospace. CleanJoule's breakthrough pathway produces the only full performance, 100 percent drop-in advanced fuel that can be used for commercial, military, and space applications. CleanJoule's focus is on distributed manufacturing of advanced aviation fuels using readily available domestic biomass feedstocks, further ensuring supply chain resilience. CleanJoule's manufacturing process has superior efficiency while increasing energy density and reducing carbon emissions, soot, and contrail formation. Backed by Indigo Partners, Cleanhill Partners, GenZero, Frontier Airlines, Wizz Airlines, and Volaris, CleanJoule is on a mission to create superior aerospace and defense fuels that enable domestic supply chain resiliency. For more information, visit

Social issues demand genuine collaboration, not competition

NZ Herald

02-05-2025

  • General
  • NZ Herald

Authentic collaboration is a process by which all perspectives work jointly as equals towards a shared goal. It is characterised by trust, respect, open and transparent communication, active listening and empathy, and a willingness to compromise. It ultimately leads to a solution everyone can agree with and benefit from. Everyone must contribute to the process and be accountable for the outcome, fostering shared responsibility. The Survivor of Abuse in Care Hui last year beautifully illustrates different perspectives working together authentically. There was no funding, so the collaboration saw a volunteer mix of survivor, supporter, community, government, and religious representation. Potentially a recipe for disaster with all these perspectives collaborating in a sensitive space with next to no resources, but it was the opposite. We had a goal. To unite and support survivors through the Royal Commission of Inquiry into Abuse in State Care and Faith-Based Institutions apology and redress process, and to educate ourselves on how to do so in a way meaningful to survivors. There were sensitivities from all perspectives, many moments that were emotionally confronting. But together we worked through it with honest communication and genuine support for each other. We built trust by creating safety to speak authentically and understanding by listening and showing empathy. The hui received attention nationally. Our collaborative efforts resulted in Survivor Support and Recognition Fund (SSRF) funding for our region. We coordinated and received the full amount we requested. We did not, however, request as much as we could. The pot was limited and there are many survivors nationally deserving of support. In the journey towards apology and redress, survivors and their supporters fought hard, including taking their case to the United Nations Committee Against Torture and Committee on the Rights of the Child.
While the outcome represents a significant step in healing and accountability, the apology was a long time coming and the redress process is only just beginning. We still have much to learn as a society, not just in terms of overt harm, but also the covert harm that we inflict on each other, unintentional or otherwise. As advocates challenging mainstream belief systems, we are often met with resistance. This happens across the board. In voicing alternative perspectives, we risk being perceived as naive, uneducated, or if we persist, difficult. There may be consequences. The people we are networking and collaborating with are often the same people who make funding decisions, and between us we are competing for limited funding. Funding decisions impact directly on our organisations, the people and communities we support, our jobs, and those of our colleagues. There are so many fine lines and conflicts of interest for us to navigate. While some competition is good and keeps us all accountable, too much competition is counterproductive. During the Covid-19 pandemic we saw considerable Covid-19 Response and Recovery Fund (CRRF) funding directed to social service organisations supporting identified vulnerable and disadvantaged populations. Funding has purportedly returned to pre-Covid levels. However, many organisations are reporting difficulties accessing funding exceeding pre-Covid levels, particularly grassroots organisations. In our decline letters, community funders are reporting unprecedented demand for contestable funding far exceeding supply. Simultaneously, government agencies are grappling with cutbacks, creating more gaps in service delivery, effectively pushing more work our way. Are we authentically working collaboratively to use available resources wisely? Or are we just giving the appearance of doing so in this competitive environment to meet KPIs, tick the funding criteria box, remain viable, or to meet a predetermined outcome? 
And the big question, if it's this hard for us trying to navigate these dynamics, how much harder is it for the people and communities we support? Over the past two months, I have received overwhelming positive feedback and support for this column from individuals from all corners of our community. It's sparked conversations about how we can all be more accountable and work more collaboratively to address social issues in a way that benefits us all. So, if we're doing the best we can, what is standing in our way? Power dynamics, hierarchies, and control of resources are barriers to cohesion and collaboration. Resistance to change, new ideas and perspectives can further impact. When resources are limited, and interests and priorities conflict, it is human nature to feel distrustful and competitive. Cultural, belief system, and personality differences can further complicate. Lack of understanding, communication and coordination results in organisations and agencies working in silos. When we align with others while still excluding alternative perspectives, we are still working in silos. Understanding these dynamics and working purposefully collaboratively can help us mitigate them. Authentic collaboration costs nothing and everyone stands to benefit. Times are tough for everyone, and cracks are appearing. Police are stepping away from mental health callouts to focus resources on core policing. The health system is stretched and there is concern that mental health services are not resourced to compensate. Community organisations are even more under-resourced to pick up the slack. The impact on the increasing number of people experiencing mental health issues and our wider community has the potential to be significant. Research shows the availability of services and support is an essential factor in reducing mental health issues, and the availability of timely crisis support is a crucial safety net for people in immediate need.

Positive Technologies helps fix a vulnerability in Veeam Service Provider Console - Middle East Business News and Information

Mid East Info

25-03-2025

  • Business
  • Mid East Info

The server-side request forgery (SSRF) vulnerability could be used for attacks on internal corporate networks

Backup solutions vendor Veeam Software eliminated a vulnerability in Veeam Service Provider Console, a management platform used by backup and disaster recovery service providers. The security flaw CVE-2024-45206 (BDU:2024-1170) was discovered by PT SWARM expert Nikita Petrov. The vendor was notified of the threat in line with the responsible disclosure policy and has already released a software patch. The SSRF vulnerability, rated 6.5 on the CVSS 3.0 scale, affected versions 7.x through 8.0.x. When exploited, this vulnerability could hypothetically expose companies to attacks on internal networks, since it allowed an attacker to send arbitrary HTTP requests to external or internal resources on behalf of the server. To address the vulnerability, users should promptly update to Veeam Service Provider Console version 8.1.0.21377 or later. According to the vendor, Veeam solutions are used by more than 550,000 customers from different countries, including 74% of Forbes Global 2000 companies. According to publicly available search engines, the list of the most active users of Veeam products is headed by the United States, Germany, and France, while UAE ranks 32nd. Veeam has the largest market share among global data replication and protection software vendors and has been named a leader in Gartner's Magic Quadrant for Enterprise Backup and Recovery Software Solutions report for eight years in a row. Veeam Service Provider Console could potentially be attacked directly from the web. As of January 2025, open-source data indicated that there were 2587 vulnerable systems worldwide. The majority of installations are in the United States (26%), Türkiye (20%), Germany and Great Britain (6% each), Canada and France (5% each).
'Before the patch was released, the vulnerability primarily posed a risk to large enterprise segment companies—the main users of Veeam Service Provider Console,' said Nikita Petrov, a Senior Penetration Testing Specialist in the Security Analysis Department, Positive Technologies. 'Attackers could initiate a request from the server to a resource that is not accessible from the outside and gain the ability to interact with it. This would allow them to obtain information about the victim's network infrastructure and thus simplify the implementation and subsequent development of attacks. For example, one possible consequence of the penetration could be the exploitation of vulnerabilities present in internal systems.' This is not the first vulnerability in Veeam Software products that Positive Technologies experts have helped to fix. In 2022, Nikita Petrov discovered two security flaws at once in Veeam Backup & Replication, a popular backup system for automating backup and disaster recovery. Another flaw was discovered in Veeam Agent for Microsoft Windows, a Windows data backup software. To block attempts to exploit SSRF vulnerabilities, Positive Technologies recommends using advanced security solutions, including web application firewalls like PT Application Firewall (also available in the cloud version: PT Cloud Application Firewall). A firewall allows you to protect applications without making changes to them when a company is unable to install a patch released by the vendor. To detect vulnerabilities of this type during software development, you should use a static code analyzer like PT Application Inspector. In addition, NTA solutions, such as PT Network Attack Discovery (PT NAD), and network traffic analysis tools, like PT NGFW, will help you promptly detect attempts to exploit vulnerabilities within your company's network perimeter. NGFWs go beyond merely detecting exploitation attempts—they prevent them by using an IPS module.

Positive Technologies Fixes Veeam Service Provider Console Vulnerability

Channel Post MEA

25-03-2025

  • Business
  • Channel Post MEA

Backup solutions vendor Veeam Software eliminated a vulnerability in Veeam Service Provider Console, a management platform used by backup and disaster recovery service providers. The security flaw CVE-2024-45206 (BDU:2024-1170) was discovered by PT SWARM expert Nikita Petrov. The vendor was notified of the threat in line with the responsible disclosure policy and has already released a software patch. The SSRF vulnerability, rated 6.5 on the CVSS 3.0 scale, affected versions 7.x through 8.0.x. When exploited, this vulnerability could hypothetically expose companies to attacks on internal networks, since it allowed an attacker to send arbitrary HTTP requests to external or internal resources on behalf of the server. To address the vulnerability, users should promptly update to Veeam Service Provider Console version 8.1.0.21377 or later. According to the vendor, Veeam solutions are used by more than 550,000 customers from different countries, including 74% of Forbes Global 2000 companies. According to publicly available search engines, the list of the most active users of Veeam products is headed by the United States, Germany, and France, while UAE ranks 32nd. Veeam has the largest market share among global data replication and protection software vendors and has been named a leader in Gartner's Magic Quadrant for Enterprise Backup and Recovery Software Solutions report for eight years in a row. Veeam Service Provider Console could potentially be attacked directly from the web. As of January 2025, open-source data indicated that there were 2587 vulnerable systems worldwide. The majority of installations are in the United States (26%), Türkiye (20%), Germany and Great Britain (6% each), Canada and France (5% each).
'Before the patch was released, the vulnerability primarily posed a risk to large enterprise segment companies—the main users of Veeam Service Provider Console,' said Nikita Petrov, a Senior Penetration Testing Specialist in the Security Analysis Department, Positive Technologies. 'Attackers could initiate a request from the server to a resource that is not accessible from the outside and gain the ability to interact with it. This would allow them to obtain information about the victim's network infrastructure and thus simplify the implementation and subsequent development of attacks. For example, one possible consequence of the penetration could be the exploitation of vulnerabilities present in internal systems.' This is not the first vulnerability in Veeam Software products that Positive Technologies experts have helped to fix. In 2022, Nikita Petrov discovered two security flaws at once in Veeam Backup & Replication, a popular backup system for automating backup and disaster recovery. Another flaw was discovered in Veeam Agent for Microsoft Windows, a Windows data backup software. To block attempts to exploit SSRF vulnerabilities, Positive Technologies recommends using advanced security solutions, including web application firewalls like PT Application Firewall (also available in the cloud version: PT Cloud Application Firewall). A firewall allows you to protect applications without making changes to them when a company is unable to install a patch released by the vendor. To detect vulnerabilities of this type during software development, you should use a static code analyzer like PT Application Inspector. In addition, NTA solutions, such as PT Network Attack Discovery (PT NAD), and network traffic analysis tools, like PT NGFW, will help you promptly detect attempts to exploit vulnerabilities within your company's network perimeter. NGFWs go beyond merely detecting exploitation attempts—they prevent them by using an IPS module.

Positive Technologies helps fix a vulnerability in Veeam Service Provider Console

Zawya

25-03-2025

  • Business
  • Zawya

Backup solutions vendor Veeam Software eliminated a vulnerability in Veeam Service Provider Console, a management platform used by backup and disaster recovery service providers. The security flaw CVE-2024-45206 (BDU:2024-1170) was discovered by PT SWARM expert Nikita Petrov. The vendor was notified of the threat in line with the responsible disclosure policy and has already released a software patch. The SSRF vulnerability, rated 6.5 on the CVSS 3.0 scale, affected versions 7.x through 8.0.x. When exploited, this vulnerability could hypothetically expose companies to attacks on internal networks, since it allowed an attacker to send arbitrary HTTP requests to external or internal resources on behalf of the server. To address the vulnerability, users should promptly update to Veeam Service Provider Console version 8.1.0.21377 or later. According to the vendor, Veeam solutions are used by more than 550,000 customers from different countries, including 74% of Forbes Global 2000 companies. According to publicly available search engines, the list of the most active users of Veeam products is headed by the United States, Germany, and France, while UAE ranks 32nd. Veeam has the largest market share among global data replication and protection software vendors and has been named a leader in Gartner's Magic Quadrant for Enterprise Backup and Recovery Software Solutions [1] report for eight years in a row. Veeam Service Provider Console could potentially be attacked directly from the web. As of January 2025, open-source data indicated that there were 2587 vulnerable systems worldwide. The majority of installations are in the United States (26%), Türkiye (20%), Germany and Great Britain (6% each), Canada and France (5% each). 
"Before the patch was released, the vulnerability primarily posed a risk to large enterprise segment companies—the main users of Veeam Service Provider Console," said Nikita Petrov, a Senior Penetration Testing Specialist in the Security Analysis Department, Positive Technologies. "Attackers could initiate a request from the server to a resource that is not accessible from the outside and gain the ability to interact with it. This would allow them to obtain information about the victim's network infrastructure and thus simplify the implementation and subsequent development of attacks. For example, one possible consequence of the penetration could be the exploitation of vulnerabilities present in internal systems." This is not the first vulnerability in Veeam Software products that Positive Technologies experts have helped to fix. In 2022, Nikita Petrov discovered two security flaws at once in Veeam Backup & Replication, a popular backup system for automating backup and disaster recovery. Another flaw was discovered in Veeam Agent for Microsoft Windows, a Windows data backup software. To block attempts to exploit SSRF vulnerabilities, Positive Technologies recommends using advanced security solutions, including web application firewalls like PT Application Firewall (also available in the cloud version: PT Cloud Application Firewall). A firewall allows you to protect applications without making changes to them when a company is unable to install a patch released by the vendor. To detect vulnerabilities of this type during software development, you should use a static code analyzer like PT Application Inspector. In addition, NTA solutions, such as PT Network Attack Discovery (PT NAD), and network traffic analysis tools, like PT NGFW, will help you promptly detect attempts to exploit vulnerabilities within your company's network perimeter. NGFWs go beyond merely detecting exploitation attempts—they prevent them by using an IPS module.
Positive Technologies is an industry leader in results-oriented cybersecurity and a major global provider of information security solutions. Our mission is to safeguard businesses and entire industries against cyberattacks and non-tolerable damage. Over 4,000 organizations worldwide use technologies and services developed by our company. Positive Technologies is the first and only cybersecurity company in Russia to have gone public on the Moscow Exchange (MOEX: POSI), with 205,000 shareholders and counting.
