Read Time:9 Second
FEDORA-2022-a66124e04f
Packages in this update:
php-openpsa-universalfeedcreator-1.8.4.1-1.fc36
Update description:
Update to v1.8.4.1
Security fix for CVE-2022-28919
Monthly Archives: May 2022
Open Source Community Hands White House 10-Point Security Plan
Ukrainian Gets Four Years for Brute Forcing Thousands of Credentials
Destructive Onyx ransomware in the wild
Read Time:2 Minute, 18 Second
FortiGuard Labs is aware that a new ransomware “Onyx” is in the wild. The ransomware was first discovered in late April, 2022. The malware appears to be based on Chaos ransomware and overwrites files bigger than 2MB, making file recovery very difficult. What is this Significant?This is significant because the threat actor opted to have Onyx ransomware overwrite files bigger than 2MB on the compromised machine rather than encrypting them. Although the threat actor promises to decrypt the affected files after ransom payment is made, recovery of the overwritten files will be difficult.What does Onyx Ransomware do?The ransomware overwrites files bigger than 2MB on the compromised machine, encrypts files smaller than 2MB, and adds file extension “.ampkcz” to them. It also collects sensitive information such as credentials from the affected machine. It then displays the following ransom message and demands ransom from the victim in order to recover the affected files:”All of your files are currently encrypted by ONYX strain.As you already know, all of your data has been encrypted by our software.It cannot be recovered by any means without contacting our team directly.DON’T TRY TO RECOVER your data by yourselves. Any attempt to recover your data (including the usage of the additional recovery software) can damage your files. However,if you want to try – we recommend choosing the data of the lowest value.DON’T TRY TO IGNORE us. We’ve downloaded a pack of your internal data and are ready to publish it on our news website if you do not respond.So it will be better for both sides if you contact us as soon as possible.DON’T TRY TO CONTACT feds or any recovery companies.We have our informants in these structures, so any of your complaints will be immediately directed to us.So if you will hire any recovery company for negotiations or send requests to the FBI, we will consider this as a hostile intent and initiate the publication of whole compromised data immediately.To prove that we REALLY CAN get your data back – we offer you to decrypt two random files completely free of charge.You can contact our team directly for further instructions through our website :TOR VERSION :(you should download and install TOR browser first https://torproject.org)http://[Removed}].onionLogin: [Removed]Password: [Removed]YOU SHOULD BE AWARE!We will speak only with an authorized person. It can be the CEO, top management, etc.In case you are not such a person – DON’T CONTACT US! Your decisions and action can result in serious harm to your company!Inform your supervisors and stay calm!”What is the Status of Coverage?FortiGuard Labs provides the following AV detection for known Onyx ransomware samples:MSIL/Filecoder.F9C3!tr.ransom
dotnet6.0-6.0.105-1.fc36
Read Time:16 Second
FEDORA-2022-9a1d5ea33c
Packages in this update:
dotnet6.0-6.0.105-1.fc36
Update description:
Update to .NET SDK 6.0.105 and Runtime 6.0.5
This is the May 2022 update for .NET 6. It includes fixes for multiple CVEs, including CVE-2022-29117, CVE-2022-29145 and CVE-2022-23267.
dotnet6.0-6.0.105-1.fc35
Read Time:16 Second
FEDORA-2022-d69fee9f38
Packages in this update:
dotnet6.0-6.0.105-1.fc35
Update description:
Update to .NET SDK 6.0.105 and Runtime 6.0.5
This is the May 2022 update for .NET 6. It includes fixes for multiple CVEs, including CVE-2022-29117, CVE-2022-29145 and CVE-2022-23267.
dotnet6.0-6.0.105-1.fc34
Read Time:16 Second
FEDORA-2022-256d559f0c
Packages in this update:
dotnet6.0-6.0.105-1.fc34
Update description:
Update to .NET SDK 6.0.105 and Runtime 6.0.5
This is the May 2022 update for .NET 6. It includes fixes for multiple CVEs, including CVE-2022-29117, CVE-2022-29145 and CVE-2022-23267.
5 Tips For Creating Bulletproof Passwords
Read Time:3 Minute, 32 Second
While biometric tools like facial ID and fingerprints have become more common when it comes to securing our data and devices, strong passwords still play an essential part in safeguarding our digital lives.
This can be frustrating at times, since many of us have more accounts and passwords than we can possibly remember. This can lead us to dangerous password practices, such as choosing short and familiar passwords, and repeating them across numerous accounts. But password safety doesn’t have to be so hard. Here are some essential tips for creating bulletproof passwords.
Remember, simple is not safe
Every year surveys find that the most popular passwords are as simple as “1234567” and just “password.” This is great news for the cybercrooks, but really bad news for the safety of our personal and financial information.
When it comes to creating strong passwords, length and complexity matter because it makes them harder to guess, and harder to crack if the cybercriminal is using an algorithm to quickly process combinations. The alarming truth is that passwords that are just 7 characters long take less than a third of a second to crack using these “brute force attack” algorithms.
Tricks:
Make sure that your passwords are at least 12 characters long and include numbers, symbols, and upper and lowercase letters.
Try substituting numbers and symbols for letters, such as zero for “O”, or @ for “A”.
If you’re using internet-connected devices, like IP cameras and interactive speakers, make sure to change the default passwords to something unique, since hackers often know the manufacturer’s default settings.
Keep it impersonal
Passwords that include bits of personal information, such as your name, address, or pet’s name, make them easier to guess. This is especially true when we share a lot of personal information online. But you can use personal preferences that aren’t well known to create strong passphrases.
Tricks:
Try making your password a phrase, with random numbers and characters. For instance, if you love crime novels you might pick the phrase: ILoveBooksOnCrime
Then you would substitute some letters for numbers and characters, and put a portion in all caps to make it even stronger, such as: 1L0VEBook$oNcRIM3!
If you do need to use personal information when setting up security questions, choose answers that are not easy to find online.
Keep all your passwords and passphrases private.
Never reuse passwords
If you reuse passwords and someone guesses a password for one account, they can potentially use it to get into others. This practice has gotten even riskier over the last several years, due to the high number of corporate data breaches. With just one hack, cybercriminals can get their hands on thousands of passwords, which they can then use to try to access multiple accounts.
Tricks:
Use unique passwords for each one of your accounts, even if it’s for an account that doesn’t hold a lot of personal information. These too can be compromised, and if you use the same password for more sensitive accounts, they too are at risk.
If a website or monitoring service you use warns you that your details may have been exposed, change your password immediately.
Employ a password manager
If just the thought of creating and managing complex passwords has you overwhelmed, outsource the work to a password manager! These are software programs that can create random and complex passwords for each of your accounts, and store them securely. This means you don’t have to remember your passwords – you can simply rely on the password manager to enter them when needed.
Tricks:
Look for security software that includes a password manager
Make sure your password manager uses multi-factor authentication, meaning it uses multiple pieces of information to identify you, such as facial recognition, a fingerprint, and a password.
Boost your overall security
Now that you’ve made sure that your passwords are bulletproof, make sure you have comprehensive security software that can protect you from a wide variety of threats.
Tricks:
Keep you software up-to-date and consider using a web advisor that protects you from accidentally typing passwords into phishing sites.
The post 5 Tips For Creating Bulletproof Passwords appeared first on McAfee Blog.
CVE-2020-22987
Read Time:9 Second
Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via the fileToUpload parameter to the uploadFile task.
CVE-2020-22986
Read Time:9 Second
Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via the searchString parameter to the wikiScrapper task.