An issue was discovered in open-vm-tools 2009.03.18-154848. Local users can bypass intended access restrictions on mounting shares via a symlink attack that leverages a realpath race condition in mount.vmhgfs (aka hgfsmounter).
Daily Archives: November 23, 2022
CVE-2009-1142
An issue was discovered in open-vm-tools 2009.03.18-154848. Local users can gain privileges via a symlink attack on /tmp files if vmware-user-suid-wrapper is setuid root and the ChmodChownDirectory function is enabled.
Hive ransomware has extorted $100 million in 18 months, FBI warns
$100 million.
That’s the amount of money that the Hive ransomware is thought to have extorted from over 1300 companies around the world, according to a joint report from the FBI, CISA, and HHS.
Read more in my article on the Hot for Security blog.
CISA Updates Guidelines to Increase Resilience of Infrastructure Planning
They expand the framework’s scope by adding new resources and tools to support SLTT partners
CVE-2021-35246
The application fails to prevent users from connecting to it over unencrypted connections. An attacker able to modify a legitimate user’s network traffic could bypass the application’s use of SSL/TLS encryption and use the application as a platform for attacks against its users.
Meta Removes Pro-US Accounts in Middle East and Central Asia
The operation relied on many internet services, including Telegram, Twitter, YouTube and others
USN-5739-1: MariaDB vulnerabilities
Several security issues were discovered in MariaDB and this update includes new upstream MariaDB versions to fix these issues.
MariaDB has been updated to 10.3.37 in Ubuntu 20.04 LTS and to 10.6.11 in Ubuntu 22.04 LTS and Ubuntu 22.10.
In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes.
The US Has a Shortage of Bomb-Sniffing Dogs
Nothing beats a dog’s nose for detecting explosives. Unfortunately, there aren’t enough dogs:
Last month, the US Government Accountability Office (GAO) released a nearly 100-page report about working dogs and the need for federal agencies to better safeguard their health and wellness. The GAO says that as of February the US federal government had approximately 5,100 working dogs, including detection dogs, across three federal agencies. Another 420 dogs “served the federal government in 24 contractor-managed programs within eight departments and two independent agencies,” the GAO report says.
The report also underscores the demands placed on detection dogs and the potential for overwork if there aren’t enough dogs available. “Working dogs might need the strength to suddenly run fast, or to leap over a tall barrier, as well as the physical stamina to stand or walk all day,” the report says. “They might need to search over rubble or in difficult environmental conditions, such as extreme heat or cold, often wearing heavy body armor. They also might spend the day detecting specific scents among thousands of others, requiring intense mental concentration. Each function requires dogs to undergo specialized training.”
A decade and a half ago I was optimistic about bomb-sniffing bees and wasps, but nothing seems to have come of that.
Qakbot Infections Linked to Black Basta Ransomware Campaign
Threat actors obtained admin access in two hours and then deployed ransomware in under 12 hours
The Biden administration has racked up a host of cybersecurity accomplishments
When it comes to hitting the ground running on cybersecurity, the Biden administration has engaged in an extensive set of initiatives that far outstrip those of the Trump administration – and even those of the Obama administration, which established the previous high-water mark for cybersecurity actions. In mid-October, the White House issued a fact sheet about the Biden-Harris administration’s “relentless focus” on improving the nation’s cybersecurity to tout its impressive sprint.