nginx-1.20-3520221110171337.f27b74a8


FEDORA-MODULAR-2022-4f8cc50239

Packages in this update:

nginx-1.20-3520221110171337.f27b74a8

Update description:

Backported fixes for CVE-2022-41741 and CVE-2022-41742.


Update your Lenovo laptop’s firmware now! Flaws could help malware survive a hard disk wipe


PC manufacturer Lenovo has been forced to push out a security update to more than two dozen of its laptop models, following the discovery of high severity vulnerabilities that could be exploited by malicious hackers.

Security researchers at ESET discovered flaws in 25 of its laptop models – including IdeaPads, Slims, and ThinkBooks – that could be used to disable the UEFI Secure Boot process.

Read more in my article on the Tripwire State of Security blog.


An Untrustworthy TLS Certificate in Browsers


The major browsers natively trust a whole bunch of certificate authorities, and some of them are really sketchy:

Google’s Chrome, Apple’s Safari, nonprofit Firefox and others allow the company, TrustCor Systems, to act as what’s known as a root certificate authority, a powerful spot in the internet’s infrastructure that guarantees websites are not fake, guiding users to them seamlessly.

The company’s Panamanian registration records show that it has the identical slate of officers, agents and partners as a spyware maker identified this year as an affiliate of Arizona-based Packet Forensics, which public contracting records and company documents show has sold communication interception services to U.S. government agencies for more than a decade.

[…]

In the earlier spyware matter, researchers Joel Reardon of the University of Calgary and Serge Egelman of the University of California at Berkeley found that a Panamanian company, Measurement Systems, had been paying developers to include code in a variety of innocuous apps to record and transmit users’ phone numbers, email addresses and exact locations. They estimated that those apps were downloaded more than 60 million times, including 10 million downloads of Muslim prayer apps.

Measurement Systems’ website was registered by Vostrom Holdings, according to historic domain name records. Vostrom filed papers in 2007 to do business as Packet Forensics, according to Virginia state records. Measurement Systems was registered in Virginia by Saulino, according to another state filing.

More details by Reardon.

Cory Doctorow does a great job explaining the context and the general security issues.
