A vulnerability in the “/admin/wlmultipleap.asp” of optilink OP-XT71000N version: V2.2 could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to create Multiple WLAN BSSID.
Monthly Archives: November 2022
USN-5716-2: SQLite vulnerability
USN-5716-1 fixed a vulnerability in SQLite. This update provides
the corresponding update for Ubuntu 14.04 ESM.
Original advisory details:
It was discovered that SQLite incorrectly handled certain long string
arguments. An attacker could use this issue to cause SQLite to crash,
resulting in a denial of service, or possibly execute arbitrary code.
Google Wins Legal Battle Against Glupteba Botnet
The tech giant said the court’s ruling against the botnet operators set a crucial legal precedent
Thousands of Algolia API Keys Could Expose Users’ Data
The majority were from shopping, education, lifestyle, business and medical firms
USN-5658-3: DHCP vulnerabilities
USN-5658-1 fixed several vulnerabilities in DHCP. This update provides
the corresponding update for Ubuntu 14.04 ESM.
Original advisory details:
It was discovered that DHCP incorrectly handled option reference counting.
A remote attacker could possibly use this issue to cause DHCP servers to
crash, resulting in a denial of service. (CVE-2022-2928)
It was discovered that DHCP incorrectly handled certain memory operations.
A remote attacker could possibly use this issue to cause DHCP clients and
servers to consume resources, leading to a denial of service.
(CVE-2022-2929)
Luna Moth Phishing Extortion Campaign Targets Businesses in Multiple Sectors
It leverages extortion without encryption and has cost victims hundreds of thousands of dollars
Luna Moth callback phishing campaign leverages extortion without malware
Palo Alto’s Unit 42 has investigated several incidents linked to the Luna Moth group callback phishing extortion campaign targeting businesses in multiple sectors, including legal and retail. The analysis discovered that the threat actors behind the campaign leverage extortion without malware-based encryption, have significantly invested in call centers and infrastructure unique to attack targets, and are evolving their tactics over time. Unit 42 stated that the campaign has cost victims hundreds of thousands of dollars and is expanding in scope.
Luna Moth removes malware portion of phishing callback attack
Callback phishing – or telephone-oriented attack delivery (TOAD) – is a social engineering attack that requires a threat actor to interact with the target to accomplish their objectives. It is more resource intensive but less complex than script-based attacks and it tends to have a much higher success rate, Unit 42 wrote in a blog posting. Actors linked to the Conti ransomware group had success with this type of attack with the BazarCall campaign, which focused on tricking victims into downloading the BazarLoader malware. This malware element is synonymous with traditional callback phishing attacks. Interestingly, in this campaign, Luna Moth does away with the malware portion of the attack, instead using legitimate and trusted systems management tools to interact directly with a victim’s computer to manually exfiltrate data for extortion. “As these tools are not malicious, they’re not likely to be flagged by traditional antivirus products,” the researchers wrote.
admesh-0.98.5-1.fc36
FEDORA-2022-11b4d247f8
Packages in this update:
admesh-0.98.5-1.fc36
Update description:
Security fix for TALOS-2022-1594.
admesh-0.98.5-1.fc37
FEDORA-2022-47e298b59f
Packages in this update:
admesh-0.98.5-1.fc37
Update description:
Security fix for TALOS-2022-1594.
admesh-0.98.5-1.fc35
FEDORA-2022-07dd239d6c
Packages in this update:
admesh-0.98.5-1.fc35
Update description:
Security fix for TALOS-2022-1594.