FEDORA-2022-99702d9bdd
Packages in this update:
varnish-modules-0.19.0-5.fc36
Update description:
Rebuilt for varnish-7.0.3
A class action lawsuit filed last week in the Northern District of California accused Oracle of running a “worldwide surveillance machine” and violating the fundamental privacy rights of hundreds of millions of people. The suit alleges that Oracle has violated California’s state constitution by compiling and selling off personal data and makes a common law tort claim for intrusion upon seclusion, along with five further causes of action ranging from state data protection laws to the federal wiretap act.
The plaintiffs in the suit are two privacy rights activists in the U.S. and one in Ireland, all of whom assert that they have data to show that Oracle has created profiles of them without their consent. The amount of relief sought isn’t specified, but the suit – in addition to asking for certification as a class action – demands a halt to Oracle’s data collection activities, as well as restitution of profits made from data collected without consent.
The resignation of CEO Shalev Hulio will see COO Yaron Shohat take the helm
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
The CTI team at the MS-ISAC has witnessed cyber threat actors (CTAs) abusing the Brute Ratel adversary simulation software.
A flaw was found in cluster-ingress-operator. A change to how the router-default service allows only certain IP source ranges could allow an attacker to access resources that would otherwise be restricted to specified IP ranges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
The malware was first released for sale on January 26, 2022 as an HVNC implant, but later evolved
The malware is reportedly capable of server takedown, Wi-Fi attacks and application layer attacks
Insurance marketplace Lloyd’s of London is set to introduce cyber insurance exclusions to coverage for “catastrophic” state-backed attacks from 2023. In a market bulletin published on August 16, 2022, Lloyd’s stated that whilst it “remains strongly supportive of the writing of cyberattack cover” it recognizes that “cyber-related business continues to be an evolving risk.” Therefore, the company will require all its insurer groups to apply a suitable clause excluding liability for losses arising from any state-backed cyberattack in accordance with several requirements. The move is reflective of a maturing and quickly evolving cyber insurance market.
In its bulletin, Lloyd’s of London wrote that it consistently emphasizes that underwriters need to be clear in their wordings as to the cover they are providing, with clarity surrounding cyberattacks involving state-backed actors of particular importance. “When writing cyberattack risks, underwriters need to take account of the possibility that state-backed attacks may occur outside of a war involving physical force. The damage that these attacks can cause and their ability to spread creates a similar systemic risk to insurers.”
Zoom users on macOS are being told once again to update their copy of the video-conferencing software after a security hole was found that could be exploited by hackers.
Read more in my article on the Hot for Security blog.