Several ministry websites shut down by Anonymous affiliates in retaliation for Belarus’ support of Russia’s Ukrainian invasion.
Monthly Archives: May 2022
US Academic Credentials Displayed in Public and Dark Web Forums
Credentials from several US-based universities and colleges have been spotted by the FBI in Russian cyber-criminal forums
USN-5446-2: dpkg vulnerability
USN-5446-1 fixed a vulnerability in dpkg. This update provides
the corresponding update for Ubuntu 16.04 ESM.
Original advisory details:
Max Justicz discovered that dpkg incorrectly handled unpacking certain
source packages. If a user or an automated system were tricked into
unpacking a specially crafted source package, a remote attacker could
modify files outside the target unpack directory, leading to a denial of
service or potentially gaining access to the system.
qt5-qtbase-5.15.3-2.fc36
FEDORA-2022-54760f7fa4
Packages in this update:
qt5-qtbase-5.15.3-2.fc36
Update description:
Security fix for CVE-2021-38593
qt5-qtbase-5.15.2-31.fc35
FEDORA-2022-4131ced81a
Packages in this update:
qt5-qtbase-5.15.2-31.fc35
Update description:
Security fix for CVE-2021-38593
Follina. Unpatched Microsoft Office zero-day vulnerability exploited in the wild
The world is waiting for a patch from Microsoft, after a zero-day vulnerability in Microsoft Office was found being exploited through booby-trapped Word documents to remotely execute code on victims’ PCs.
USN-5453-1: FreeType vulnerability
It was discovered that FreeType incorrectly handled certain font files.
An attacker could possibly use this issue to cause a denial of service.
USN-5452-1: NTFS-3G vulnerability
It was discovered that NTFS-3G was incorrectly validating NTFS
metadata in its ntfsck tool by not performing boundary checks. A
local attacker could possibly use this issue to cause a denial of
service or to execute arbitrary code.
How Costa Rica found itself at war over ransomware
Costa Rica’s newly-elected president has declared a national state of emergency, as its ongoing crisis costs the nation an estimated USD $38 million a day.
Perhaps in a different time, we would have assumed the country had been struck by a devastating natural disaster or was struggling with some internal conflict—but times have changed. Costa Rica has been struck not by an earthquake or a bomb or a strike, but by a new national crisis: cybercrime.
Handling cyberattacks has become an everyday activity of every nation on the planet, as they try to navigate the “wild west” of the modern internet. Nation-states, for-profit cybercrime syndicates, political activists, and determined pranksters trawl the web every hour of every day, looking for their next victim. And what better victim than a nation’s government network? Government networks and systems are loaded with resources and information, including personal data that is vital for federal and civilian operations. At the same time, they are often behind the curve on security best practices, making government websites and systems prime targets.