A vulnerability in the “/admin/wlmultipleap.asp” of optilink OP-XT71000N version: V2.2 could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to create Multiple WLAN BSSID.
USN-5716-1 fixed a vulnerability in SQLite. This update provides
the corresponding update for Ubuntu 14.04 ESM.
Original advisory details:
It was discovered that SQLite incorrectly handled certain long string
arguments. An attacker could use this issue to cause SQLite to crash,
resulting in a denial of service, or possibly execute arbitrary code.
The tech giant said the court’s ruling against the botnet operators set a crucial legal precedent
The majority were from shopping, education, lifestyle, business and medical firms
USN-5658-1 fixed several vulnerabilities in DHCP. This update provides
the corresponding update for Ubuntu 14.04 ESM.
Original advisory details:
It was discovered that DHCP incorrectly handled option reference counting.
A remote attacker could possibly use this issue to cause DHCP servers to
crash, resulting in a denial of service. (CVE-2022-2928)
It was discovered that DHCP incorrectly handled certain memory operations.
A remote attacker could possibly use this issue to cause DHCP clients and
servers to consume resources, leading to a denial of service.
(CVE-2022-2929)
It leverages extortion without encryption and has cost victims hundreds of thousands of dollars
Palo Alto’s Unit 42 has investigated several incidents linked to the Luna Moth group callback phishing extortion campaign targeting businesses in multiple sectors, including legal and retail. The analysis discovered that the threat actors behind the campaign leverage extortion without malware-based encryption, have significantly invested in call centers and infrastructure unique to attack targets, and are evolving their tactics over time. Unit 42 stated that the campaign has cost victims hundreds of thousands of dollars and is expanding in scope.
Callback phishing – or telephone-oriented attack delivery (TOAD) – is a social engineering attack that requires a threat actor to interact with the target to accomplish their objectives. It is more resource intensive but less complex than script-based attacks and it tends to have a much higher success rate, Unit 42 wrote in a blog posting. Actors linked to the Conti ransomware group had success with this type of attack with the BazarCall campaign, which focused on tricking victims into downloading the BazarLoader malware. This malware element is synonymous with traditional callback phishing attacks. Interestingly, in this campaign, Luna Moth does away with the malware portion of the attack, instead using legitimate and trusted systems management tools to interact directly with a victim’s computer to manually exfiltrate data for extortion. “As these tools are not malicious, they’re not likely to be flagged by traditional antivirus products,” the researchers wrote.
admesh-0.98.5-1.fc36
Security fix for TALOS-2022-1594.
admesh-0.98.5-1.fc37
Security fix for TALOS-2022-1594.
admesh-0.98.5-1.fc35
Security fix for TALOS-2022-1594.
