It was discovered that Exim incorrectly handled certain regular
expressions. An attacker could use this issue to cause Exim to crash,
resulting in a denial of service, or possibly execute arbitrary code.
The All India Institute of Medical Sciences (AIIMS), New Delhi, one of India’s top medical institutes, has been forced to operate manually due to a ransomware attack on its hospital management system on Wednesday morning, which severely impacted several services.
On Thursday, the hospital issued a fresh set of standard operating procedures for admission, discharge and transfer of patients to be done manually till the systems are down, according to ANI News.
Birth and death certificates will also be made manually on physical forms, as per the instructions of the working committee. The hospital has further stated that only urgent samples are to be sent with filled forms and only urgent investigations are to be sent till the systems don’t get back online.
advancecomp-2.4-1.el9
Security fix for CVE-2022-35014, CVE-2022-35015, CVE-2022-35016, CVE-2022-35017, CVE-2022-35018, CVE-2022-35019, CVE-2022-35020
The company reportedly learned of unauthorized access to one of its systems on November 14
advancecomp-2.4-1.fc35
Security fix for CVE-2022-35014, CVE-2022-35015, CVE-2022-35016, CVE-2022-35017, CVE-2022-35018, CVE-2022-35019, CVE-2022-35020
The Common Vulnerability Scanning System (CVSS) is the most frequently cited rating system to assess the severity of security vulnerabilities. It has been criticized, however, as not being appropriate to assess and prioritize risk from those vulnerabilities. For this reason, some have called for using the Exploit Prediction Scoring System (EPSS) or combining CVSS and EPSS to make vulnerability metrics more actionable and efficient. Like CVSS, EPSS is governed by the Forum of Incident Response and Security Teams (FIRST).
A group of attackers, likely based in Vietnam, that specializes in targeting employees with potential access to Facebook business and ads management accounts, has re-emerged with changes to its infrastructure, malware, and modus operandi after being initially outed a few months ago.
Dubbed DUCKTAIL by researchers from WithSecure, the group uses spear phishing to target individuals on LinkedIn who have job descriptions that could suggest they have access to manage Facebook business accounts. More recently, the attackers were also observed targeting victims via WhatsApp. The compromised Facebook business accounts are used to run ads on the platform for attackers’ financial gain.
