Read Time:5 Second
The operators could make over $3m if they decide to sell the card dumps on underground forums
Monthly Archives: October 2022
USN-5698-2: Open vSwitch vulnerability
Read Time:18 Second
USN-5698-1 fixed a vulnerability in Open. This update provides
the corresponding update for Ubuntu 16.04 ESM.
Original advisory details:
It was discovered that Open vSwitch incorrectly handled comparison of
certain minimasks. A remote attacker could use this issue to cause Open
vSwitch to crash, resulting in a denial of service, or possibly execute
arbitrary code.
Cybersecurity event cancelled after scammers disrupt LinkedIn live chat
Read Time:6 Second
It was all going so well. At first.
Read more in my article on the Hot for Security blog.
USN-5698-1: Open vSwitch vulnerability
Read Time:11 Second
It was discovered that Open vSwitch incorrectly handled comparison of
certain minimasks. A remote attacker could use this issue to cause Open
vSwitch to crash, resulting in a denial of service, or possibly execute
arbitrary code.
php-8.0.25-1.fc35
Read Time:30 Second
FEDORA-2022-f2a5082860
Packages in this update:
php-8.0.25-1.fc35
Update description:
PHP version 8.0.25 (27 Oct 2022)
GD:
Fixed bug php#81739: OOB read due to insufficient input validation in imageloadfont(). (CVE-2022-31630) (cmb)
Hash:
Fixed bug php#81738: buffer overflow in hash_update() on long parameter. (CVE-2022-37454) (nicky at mouha dot be)
Session:
Fixed bug GH-9583 (session_create_id() fails with user defined save handler that doesn’t have a validateId() method). (Girgias)
Streams:
Fixed bug GH-9590 (stream_select does not abort upon exception or empty valid fd set). (Arnaud)
USN-5697-1: Barbican vulnerability
Read Time:7 Second
Douglas Mendizabal discovered that Barbican incorrectly handled certain
query strings. A remote attacker could possibly use this issue to bypass
the access policy.
Akamai to boost network-layer DDoS protection with new scrubbing centers
Read Time:33 Second
Content delivery network (CDN) provider Akamai said Tuesday that its Prolexic DDoS protection service will become able to handle DDoS attacks of up to 20Tbps, thanks to a new wave of construction of so-called scrubbing centers.
The company’s announcement said that this will effectively double its current capacity to handle network-level DDoS attacks, with rollouts planned for “all major regions,” which includes US East and West, Canada, Italy, Spain, Switzerland, India, Japan, Hong Kong and the Middle East. The first new centers will come online in the third quarter of this year, and will continue through 2023.
Ukraine Warns of Cuba Ransomware Campaign
Iranian Atomic Energy Agency Admits Email Hack
Blockchain security companies tackle cryptocurrency theft, ransom tracing
Read Time:46 Second
According to data from the Rekt leaderboard, cybercriminals have stolen as much as $3 billion of investor funds through 141 various cryptocurrency exploits since January, putting 2022 on track to top 2021 levels of digital currency malfeasance. Comparitech’s cryptocurrency heists tracker indicates that since 2011, hackers have stolen $7.9 billion in cryptocurrency worth about $45.5 billion in today’s value.
Along with the increased dollar amounts of cryptocurrency thefts, the scams, hacks, and exploits of cryptocurrency, Web3 (a decentralized view of the web that incorporates blockchain technologies and token-based economics), and blockchain-related organizations are growing bolder and more lucrative for malicious hackers even as the value of cryptocurrencies stagnates. This month alone, Binance saw its BNB chain drained of $586 million, close to the all-time most significant cryptocurrency theft of $624 million from the Ronin Network in March 2022.