Monthly Archives: April 2022
USN-5396-1: Ghostscript vulnerability
It was discovered that Ghostscript incorrectly handled certain PostScript
files. If a user or automated system were tricked into processing a
specially crafted file, a remote attacker could possibly use this issue to
access arbitrary files, execute arbitrary code, or cause a denial of
service.
Chickens Baked Alive Due to Computer Glitch
English farm fined $55K after more than 27,000 birds die in overheating disaster
USN-5395-1: networkd-dispatcher vulnerabilities
It was discovered that networkd-dispatcher incorrectly handled internal
scripts. A local attacker could possibly use this issue to cause a race
condition, escalate privileges and execute arbitrary code.
(CVE-2022-29799, CVE-2022-29800)
galera-26.4.11-1.fc35 mariadb-10.5.15-1.fc35
FEDORA-2022-03350936ee
Packages in this update:
galera-26.4.11-1.fc35
mariadb-10.5.15-1.fc35
Update description:
MariaDB 10.5.15
Release notes:
galera-26.4.11-1.fc36 mariadb-10.5.15-1.fc36
FEDORA-2022-263f7cc483
Packages in this update:
galera-26.4.11-1.fc36
mariadb-10.5.15-1.fc36
Update description:
MariaDB 10.5.15
Release notes:
mariadb-10.5.15-1.fc34
FEDORA-2022-5cfe372ab7
Packages in this update:
mariadb-10.5.15-1.fc34
Update description:
MariaDB 10.5.15
Release notes:
Crypto Trading Fund Partners Accused of Fraud
Block Bits Fund investors allegedly conned out of $960K by defendants’ tech misrepresentations
Microsoft Issues Report of Russian Cyberattacks against Ukraine
Microsoft has a comprehensive report on the dozens of cyberattacks — and even more espionage operations — Russia has conducted against Ukraine as part of this war:
At least six Russian Advanced Persistent Threat (APT) actors and other unattributed threats, have conducted destructive attacks, espionage operations, or both, while Russian military forces attack the country by land, air, and sea. It is unclear whether computer network operators and physical forces are just independently pursuing a common set of priorities or actively coordinating. However, collectively, the cyber and kinetic actions work to disrupt or degrade Ukrainian government and military functions and undermine the public’s trust in those same institutions.
[…]
Threat groups with known or suspected ties to the GRU have continuously developed and used destructive wiper malware or similarly destructive tools on targeted Ukrainian networks at a pace of two to three incidents a week since the eve of invasion. From February 23 to April 8, we saw evidence of nearly 40 discrete destructive attacks that permanently destroyed files in hundreds of systems across dozens of organizations in Ukraine.
Researchers break Azure PostgreSQL database-as-a-service isolation with cross-tenant attack
A team of researchers found two vulnerabilities in Microsoft’s Azure PostgreSQL Flexible Server that, when chained together, allowed them to access the PostgreSQL databases of other cloud tenants. The attack, dubbed ExtraReplica because it abused functionality related to database replication, combines a privilege escalation vulnerability that gave them the ability to execute code inside the container hosting their own database with an authentication bypass issue that allowed them to abuse the system’s replication service to access other users’ databases.