Friday Squid Blogging: Bathyteuthis berryi Holding Eggs

Image and video of a Bathyteuthis berryi carrying a few hundred eggs, taken at a depth of 4,650 feet.

As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

Read my blog posting guidelines here.

openssl11-1.1.1k-4.el7

FEDORA-EPEL-2022-e05ac11f9b

Packages in this update:

openssl11-1.1.1k-4.el7

Update description:

backport from 1.1.1k-7: CVE-2022-2097: AES OCB fails to encrypt some bytes on 32-bit x86

Resolves: CVE-2022-2097

backport from 1.1.1k-7: Update expired certificates used in the testsuite

Resolves: rhbz#2100554

backport from 1.1.1k-7: CVE-2022-1292: openssl: c_rehash script allows command injection

Resolves: rhbz#2090371

backport from 1.1.1k-7: CVE-2022-2068: the c_rehash script allows command injection

Resolves: rhbz#2098278

podman-4.1.1-3.fc36

FEDORA-2022-482b42705f

Packages in this update:

podman-4.1.1-3.fc36

Update description:

Rebuild v4.1.1 to mitigate CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang

Cybercrime escalates as barriers to entry crumble

An underground economy that mirrors its legitimate ecommerce counterpart is supercharging online criminal behavior, according to a report released Thursday by HP Wolf Security in collaboration with Forensic Pathways. Cybercriminals are now operating on a professional footing with easy-to-launch malware and ransomware attacks being offered on a software-as-a-service (SaaS) basis, allowing people with even rudimentary IT skills to launch cyberattacks at targets of their choosing, the report notes.

It found that competition in the underground has driven down the price of malicious tools, making them affordable to anyone. In an analysis of 174 exploits advertised on the dark web, HP Wolf researchers found an overwhelming number (91%) were selling for less than $10. A look at 1,653 malware ads revealed more than three quarters (76%) selling for under $10. And on average, information stealers were selling for $5, remote access Trojans (RATs) for $3, exploits for $2.23, and crypters for $1.

CVE-2017-20143

A vulnerability, which was classified as critical, has been found in Itech Movie Portal Script 7.36. This issue affects some unknown processing of the file /film-rating.php. The manipulation of the argument v leads to SQL injection (Error). The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

CVE-2017-20142

A vulnerability classified as critical was found in Itech Movie Portal Script 7.36. This vulnerability affects unknown code of the file /artist-display.php. The manipulation of the argument act leads to SQL injection (Union). The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

CVE-2017-20141

A vulnerability classified as critical has been found in Itech Movie Portal Script 7.36. This affects an unknown part of the file /movie.php. The manipulation of the argument f leads to SQL injection (Union). It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

CVE-2017-20140

A vulnerability was found in Itech Movie Portal Script 7.36. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /movie.php. The manipulation of the argument f with the input <img src=i onerror=prompt(1)> leads to basic cross-site scripting (Reflected). The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

CVE-2017-20139

A vulnerability was found in Itech Movie Portal Script 7.36. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /show_news.php. The manipulation of the argument id with the input AND (SELECT 1222 FROM(SELECT COUNT(*),CONCAT(0x71786b7a71,(SELECT (ELT(1222=1222,1))),0x717a627871,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) leads to SQL injection (Error). The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
