** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
Monthly Archives: August 2022
CVE-2020-35511
A global buffer overflow was discovered in the pngcheck function in pngcheck-2.4.0 (5 patches applied) via a crafted PNG file.
True crime shows might be the biggest educational tool for cybercrime awareness
A survey of U.S. and UK residents conducted by Censuswide and commissioned by identity verification vendor Onfido, released today, said that popular culture, specifically true-crime shows and movies, is having an outsized effect on the public’s understanding of cybercrime.
Two out of three survey respondents said that shows like Inventing Anna and documentaries like The Tinder Swindler have changed the way they view fraud in the modern day. Almost 60% of respondents also said that they’re cautious about trusting other people online due to cultural depictions of fraud.
Onfido CEO Mike Tuchen said in a press release that such programs have had a major impact on the public’s view of fraud and cybercrime. “True crime and fraud-related entertainment stories have become widespread and popular. This is having a very real impact on how society views and perceives the prevalence and severity of fraud as a crime,” he said. “As a result, consumers are growing increasingly wary of online interactions, amid concerns over fraudster tactics and the security of their identities.”
Ex-Security Chief Accuses Twitter of Cybersecurity Negligence
Peiter Zatko admitted that he “reasonably feared Twitter could suffer an Equifax-level hack”
Hackers demand $10 million from Paris hospital after ransomware attack
Malicious hackers are demanding $10 million from a French hospital they hit with ransomware last weekend.
The Hospital Center Sud Francilien (CHSF) in Corbeil-Essonnes, south-east of Paris, was struck late on Saturday night, causing major disruption to health services.
Read more in my article on the Hot for Security blog.
CISA Adds Palo Alto Networks’ PAN-OS Vulnerability to Catalog
The flaw would allow a network-based unauthenticated threat actor to perform DoS attacks
CVE-2020-35509
A flaw was found in Keycloak affecting versions 11.0.3 and 12.0.0. An expired certificate would be accepted by the direct-grant authenticator because of missing timestamp validation. The highest threat from this vulnerability is to data confidentiality and integrity.
Air-Gap Attack Exploits Gyroscope Ultrasonic Covert Channel to Leak Data
Gairoscope is a covert ultrasonic channel that does not require a microphone on the receiving side
Software Assurance: Approaching Allowlisting for Code
While there has been significant work done on supply chain security, efforts surrounding automated software assurance continue to evolve.
Counterfeit Android Devices Revealed to Contain Backdoor Designed to Hack WhatsApp
At least four different smartphone models are affected: ‘P48pro’, ‘radmi note 8’, ‘Note30u’ and ‘Mate40’