Another dump of chat records provides insight into threat group
Monthly Archives: November 2022
USN-5737-1: APR-util vulnerability
It was discovered that APR-util did not properly handle memory when using SDBM database files. A local attacker with write access to the database can make a program or process using these functions crash, and cause a denial of service.
How to reset a Kerberos password and get ahead of coming updates
Do you recall when you last reset your Kerberos password? Hopefully that was not the last time I suggested you change it, back in April of 2021, when I urged you to do a regular reset of the KRBTGT account password. If you’ve followed my advice, you are already one step ahead of the side effects caused by the November updates that introduced Kerberos changes.
While many of you may be waiting to install the “fixed” versions of the updates that deal with the introduced authentication issues, or you may wish to install the out-of-band updates that will fix the side effects, there are more steps to do this patching month and in the months ahead.
Online retailers should prepare for a holiday season spike in bot-operated attacks
With the holiday shopping season in full swing, retail websites can expect a spike in account takeover fraud, DDoS, and other attacks, including attacks via APIs, which now represent almost half of e-commerce traffic.
According to a recent report from application and data security company Imperva, bots account for more than 40% of traffic to online retail websites on average, with around 24% of traffic coming from “bad bots” that engage in various forms of automated attacks.
“The high risk for e-commerce is more noticeable during the holiday shopping season, which now begins as early as October,” the company said. “Bad actors have gotten wise to consumer shopping patterns, which start weeks before significant events like Black Friday due to shipping delays and item availability concerns, as well as marketing tactics such as shops offering unbeatable deals weeks before Black Friday.”
UK Privacy Tsar Defends Controversial Enforcement Strategy
Information commissioner wants to avoid “money-go-round” of government fines
Dozens of Russian Groups Steal 50 Million User Passwords
firefox-107.0-3.fc37
FEDORA-2022-b95f6a2db1
Packages in this update:
firefox-107.0-3.fc37
Update description:
New upstream version (107.0)
firefox-107.0-3.fc35
FEDORA-2022-269b27bdbc
Packages in this update:
firefox-107.0-3.fc35
Update description:
New upstream version (107.0)
firefox-107.0-3.fc36
FEDORA-2022-2321894a60
Packages in this update:
firefox-107.0-3.fc36
Update description:
New upstream version (107.0)
CVE-2021-46854 (proftpd)
mod_radius in ProFTPD before 1.3.7c allows memory disclosure to RADIUS servers because it copies blocks of 16 characters.