FEDORA-EPEL-2022-14a54aad76
Packages in this update:
strongswan-5.9.8-1.el9
Update description:
Resolves CVE-2022-40617
strongswan-5.9.8-1.el9
Resolves CVE-2022-40617
The campaign had several features differentiating it from other ransomware tracked by Microsoft
A flaw was found in WordPress 5.1. “X-Forwarded-For” is a HTTP header used to carry the client’s original IP address. However, because these headers may very well be added by the client to the requests, if the systems/devices use IP addresses which decelerate at X-Forwarded-For header instead of original IP, various issues may be faced. If the data originating from these fields is trusted by the application developers and processed, any authorization checks originating IP address logging could be manipulated.
A flaw was found in the RHDM, where an authenticated attacker can change their assigned role in the response header. This flaw allows an attacker to gain admin privileges in the Business Central Console.
A flaw was found in the RHDM, where sensitive HTML form fields like Password has auto-complete enabled which may lead to leak of credentials.
An input validation vulnerability exists in Openshift Enterprise due to a 1:1 mapping of tenants in Hawkular Metrics and projects/namespaces in OpenShift. If a user creates a project called “MyProject”, and then later deletes it another user can then create a project called “MyProject” and access the metrics stored from the original “MyProject” instance.
Which? said it has reported the fake URLs to the National Cyber Security Centre
Suspected members of a European car-theft ring have been arrested:
The criminals targeted vehicles with keyless entry and start systems, exploiting the technology to get into the car and drive away.
As a result of a coordinated action carried out on 10 October in the three countries involved, 31 suspects were arrested. A total of 22 locations were searched, and over EUR 1 098 500 in criminal assets seized.
The criminals targeted keyless vehicles from two French car manufacturers. A fraudulent tool—marketed as an automotive diagnostic solution, was used to replace the original software of the vehicles, allowing the doors to be opened and the ignition to be started without the actual key fob.
Among those arrested feature the software developers, its resellers and the car thieves who used this tool to steal vehicles.
The article doesn’t say how the hacking tool got installed into cars. Were there crooked auto mechanics, dealers, or something else?
strongswan-5.9.8-1.fc36
Resolves CVE-2022-40617
The collection became increasingly clear through the tools used by both threat actors