News

Bank of Ireland Fined €463,000 Over Data Breaches

April 7, 2022

Read Time:5 Second

The bank was fined for the breaches and the delays in communicating with affected customers

Advisories

libbson-1.3.5-7.el7

April 7, 2022

Read Time:17 Second

FEDORA-EPEL-2022-14d598751d

Packages in this update:

libbson-1.3.5-7.el7

Update description:

This release prevents from a memory corruption when dealing with a too large (larger than a half of a address space) JSON documents. The prevention results in terminating the offended process. The same meassure which libbson triggers on a memory exhaustion.

News

US Disrupts Russian Botnet

April 7, 2022

Read Time:59 Second

The Justice Department announced the disruption of a Russian GRU-controlled botnet:

The Justice Department today announced a court-authorized operation, conducted in March 2022, to disrupt a two-tiered global botnet of thousands of infected network hardware devices under the control of a threat actor known to security researchers as Sandworm, which the U.S. government has previously attributed to the Main Intelligence Directorate of the General Staff of the Armed Forces of the Russian Federation (the GRU). The operation copied and removed malware from vulnerable internet-connected firewall devices that Sandworm used for command and control (C2) of the underlying botnet. Although the operation did not involve access to the Sandworm malware on the thousands of underlying victim devices worldwide, referred to as “bots,” the disabling of the C2 mechanism severed those bots from the Sandworm C2 devices’ control.

The botnet “targets network devices manufactured by WatchGuard Technologies Inc. (WatchGuard) and ASUSTek Computer Inc. (ASUS).” And note that only the command-and-control mechanism was disrupted. Those devices are still vulnerable.

The Justice Department made a point that they did this before the botnet was used for anything offensive.

Four more news articles. Slashdot post.

News

Companies are more prepared to pay ransoms than ever before, reveals new report

April 7, 2022

Read Time:14 Second

A new report shows that not only has there been a substantial increase in the percentage of companies that pay ransoms, but that the average size of ransomware payments has also increased significantly.

Read more in my article on the Tripwire State of Security blog.

Advisories

USN-5369-1: oslo.utils vulnerability

April 7, 2022

Read Time:6 Second

It was discovered that oslo.utils incorrectly handled certain inputs.
An attacker could possibly use this issue to expose sensitive information.

Advisories

Post Title

April 7, 2022

Read Time:49 Second

Multiple vulnerabilities have been discovered in VMware Products, the most severe of which could result in remote code execution.

VMware Workspace ONE Access is an access control application for Workspace ONE.
VMware Identity Manager is the identity and access management component of Workspace ONE.
vRealize Automationi is a management platform for automating the delivery of container-based applications.
VMware Cloud Foundation is a hybrid cloud platform that provides a set of software-defined services for compute, storage, networking, security and cloud management to run enterprise apps.
vRealize Suite Lifecycle Manager allows for complete lifecycle and content management capabilities for vRealize Suite products.
Successful exploitation of the most severe of these vulnerabilities could result in arbitrary code execution within the context of the application, an attacker gaining the same privileges as the logged-on user, or the bypassing of security restrictions. Depending on the permission associated with the application running the exploit, an attacker could then install programs; view, change, or delete data.

News