It was discovered that LibTIFF incorrectly handled certain malformed
images. If a user or automated system were tricked into opening a specially
crafted image, a remote attacker could crash the application, leading to a
denial of service, or possibly execute arbitrary code with user privileges.
It was discovered that JBIG-KIT incorrectly handled decoding certain large
image files. If a user or automated system using JBIG-KIT were tricked into
opening a specially crafted file, an attacker could possibly use this issue
to cause a denial of service.
UK police are texting 70,000 people who they believe have fallen victim to a worldwide scam that saw fraudsters steal at least £50 million from bank accounts.
Read more in my article on the Tripwire State of Security blog.
The app used as part of the campaign was a trojanized version of SoftVPN or OpenVPN
The apps are no longer available on the Play Store, but can be found in third-party stores
advancecomp-2.4-1.el8
Security fix for CVE-2022-35014, CVE-2022-35015, CVE-2022-35016, CVE-2022-35017, CVE-2022-35018, CVE-2022-35019, CVE-2022-35020
It was discovered that Exim incorrectly handled certain regular
expressions. An attacker could use this issue to cause Exim to crash,
resulting in a denial of service, or possibly execute arbitrary code.
The All India Institute of Medical Sciences (AIIMS), New Delhi, one of India’s top medical institutes, has been forced to operate manually due to a ransomware attack on its hospital management system on Wednesday morning, which severely impacted several services.
On Thursday, the hospital issued a fresh set of standard operating procedures for admission, discharge and transfer of patients to be done manually till the systems are down, according to ANI News.
Birth and death certificates will also be made manually on physical forms, as per the instructions of the working committee. The hospital has further stated that only urgent samples are to be sent with filled forms and only urgent investigations are to be sent till the systems don’t get back online.
advancecomp-2.4-1.el9
Security fix for CVE-2022-35014, CVE-2022-35015, CVE-2022-35016, CVE-2022-35017, CVE-2022-35018, CVE-2022-35019, CVE-2022-35020
The company reportedly learned of unauthorized access to one of its systems on November 14
