The bank was fined for the breaches and the delays in communicating with affected customers
Daily Archives: April 7, 2022
libbson-1.3.5-7.el7
FEDORA-EPEL-2022-14d598751d
Packages in this update:
libbson-1.3.5-7.el7
Update description:
This release prevents memory corruption when dealing with JSON documents that are too large (larger than half of the address space). The prevention results in terminating the offending process, the same measure that libbson triggers on memory exhaustion.
US Disrupts Russian Botnet
The Justice Department announced the disruption of a Russian GRU-controlled botnet:
The Justice Department today announced a court-authorized operation, conducted in March 2022, to disrupt a two-tiered global botnet of thousands of infected network hardware devices under the control of a threat actor known to security researchers as Sandworm, which the U.S. government has previously attributed to the Main Intelligence Directorate of the General Staff of the Armed Forces of the Russian Federation (the GRU). The operation copied and removed malware from vulnerable internet-connected firewall devices that Sandworm used for command and control (C2) of the underlying botnet. Although the operation did not involve access to the Sandworm malware on the thousands of underlying victim devices worldwide, referred to as “bots,” the disabling of the C2 mechanism severed those bots from the Sandworm C2 devices’ control.
The botnet “targets network devices manufactured by WatchGuard Technologies Inc. (WatchGuard) and ASUSTek Computer Inc. (ASUS).” And note that only the command-and-control mechanism was disrupted. Those devices are still vulnerable.
The Justice Department made a point that they did this before the botnet was used for anything offensive.
Companies are more prepared to pay ransoms than ever before, reveals new report
A new report shows that not only has there been a substantial increase in the percentage of companies that pay ransoms, but that the average size of ransomware payments has also increased significantly.
Read more in my article on the Tripwire State of Security blog.
USN-5369-1: oslo.utils vulnerability
It was discovered that oslo.utils incorrectly handled certain inputs.
An attacker could possibly use this issue to expose sensitive information.
Post Title
Multiple vulnerabilities have been discovered in VMware Products, the most severe of which could result in remote code execution.
VMware Workspace ONE Access is an access control application for Workspace ONE.
VMware Identity Manager is the identity and access management component of Workspace ONE.
vRealize Automation is a management platform for automating the delivery of container-based applications.
VMware Cloud Foundation is a hybrid cloud platform that provides a set of software-defined services for compute, storage, networking, security and cloud management to run enterprise apps.
vRealize Suite Lifecycle Manager allows for complete lifecycle and content management capabilities for vRealize Suite products.
Successful exploitation of the most severe of these vulnerabilities could result in arbitrary code execution within the context of the application, an attacker gaining the same privileges as the logged-on user, or the bypassing of security restrictions. Depending on the permissions associated with the application running the exploit, an attacker could then install programs or view, change, or delete data.
#ISC2Events: A DPO’s Guide to Delivering a Cybersecurity Awareness Program
Laurie-Anne Bourdain from Isabel Group detailed ingredients for a successful cybersecurity awareness program
#SecureLondon: Defining Cyber Roles Critical to Tackling Skills Shortage
Chris Ensor, deputy director, NCSC, highlights the need to provide clarity around the skills required for specific cybersecurity roles
vim-8.2.4701-1.fc34
FEDORA-2022-e62adccfca
Packages in this update:
vim-8.2.4701-1.fc34
Update description:
Security fix for CVE-2022-1154
Security fix for CVE-2022-1160
The newest upstream commit
Security fix for CVE-2022-0943