vim-8.2.4460-1.fc34

Read Time:22 Second

FEDORA-2022-48bf3cb1c4

Packages in this update:

vim-8.2.4460-1.fc34

Update description:

Security fix for CVE-2022-0554

Security fixes for CVE-2022-0714, CVE-2022-0729

Security fix for CVE-2022-0696

Security fix for CVE-2022-0629

Security fix for CVE-2022-0572

Security fixes for CVE-2022-0408, CVE-2022-0413, CVE-2022-0393, CVE-2022-0417, CVE-2022-0443

Security fix for CVE-2022-0685

Read More

CISOs, beware of spyware tools for illicit competitive intelligence

Read Time:48 Second

The U.S. Department of Justice (DOJ) released information surrounding the guilty plea of Mexican businessman Carlos Guerrero and his conspiracy to sell and use hacking tools that were manufactured by companies in Italy, Israel, and elsewhere. Guerrero had a bevy of companies that he stood up for this purpose, with the Tijuana-based Elite de Carga being among the most prominent.

Of particular note, according to court documents, which included his plea agreement, Guerrero and a co-conspirator, Daniel Moreno, together in August 2014 met with representatives of “Italian Company A” (believed to be Hacking Team) in San Diego, where the Italians demonstrated their devices and their capability to intercept wireless communications and to geolocate targets of interest. Elite de Carga would sell these capabilities to the Mexican state government of Baja and Durango for what was tacitly understood to be for political as well as law enforcement purposes.

To read this article in full, please click here

Read More

New Wiper Malware Discovered Targeting Ukrainian Interests

Read Time:1 Minute, 22 Second

FortiGuard Labs is aware of new wiper malware observed in the wild attacking Ukrainian interests. The wiper was found by security researchers today at ESET. Various estimates from both outfits reveal that the malware wiper has been installed on several hundreds of machines within the Ukraine. Cursory analysis reveals that wiper malware contains a valid signed certificate that belongs to an entity called “Hermetica Digital” based in Cyprus. This is a breaking news event. More information will be added when relevant updates are available. For further reference about Ukrainian wiper attacks please reference our Threat Signal from January. Also, please refer to our most recent blog that encompasses the recent escalation in Ukraine, along with salient advice about patch management and why it is important, especially in today’s political climate. Is this the Work of Nobelium/APT29?At this time, there is not enough information to correlate this to Nobelium/APT29 or nation state activity. Are there Other Samples Observed Using the Same Certificate?No. Cursory analysis at this time highlights that the Hermetica Digital certificate used by this malware sample is the only one that we are aware of at this time. Was the Certificate Stolen?Unknown at this time. As this is a breaking news event, information is sparse. Why is the Malware Signed?Malware is often signed by threat actors as a pretence to evade AV or any other security software. Signed malware allows for threat actors to evade and effectively bypass detection and guaranteeing a higher success rate. What is the Status of Coverage?FortiGuard Labs has AV coverage in place for publicly available samples as:W32/KillDisk.NCV!tr

Read More

Smashing Security podcast #263: Problèmes de Weefeee, AI artists, and Web 3.0

Read Time:20 Second

Ooh la la! Horreur Wi-Fi en France! Some folks have experienced the drawbacks of Web 3.0 as their NFTs are stolen, and should computers own the copyright over the art they produce?

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Mark Stockley.

Read More