APPLE-SA-2022-11-01-1 Xcode 14.1

November 8, 2022

Read Time:26 Second

Posted by Apple Product Security via Fulldisclosure on Nov 07

Xcode 14.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213496.

Git
Available for: macOS Monterey 12.5 and later
Impact: Multiple issues in git
Description: Multiple issues were addressed by updating to git
version 2.32.3.
CVE-2022-29187: Carlo Marcelo Arenas Belón and Johannes Schindelin

Git
Available for: macOS Monterey 12.5 and later…

Advisories

CVE-2022-3602 and CVE-2022-3786 Critical OpenSSL 3.0.x security vulnerabilities

November 8, 2022

Read Time:24 Second

Posted by Turritopsis Dohrnii Teo En Ming on Nov 07

Subject: CVE-2022-3602 and CVE-2022-3786 Critical OpenSSL 3.0.x
security vulnerabilities

Good day from Singapore,

Please refer to the following posts. The story is developing.

[1] OpenSSL Gives Heads Up to Critical Vulnerability Disclosure, Check
Point Alerts Organizations to Prepare Now
Link:
https://blog.checkpoint.com/2022/10/30/openssl-gives-heads-up-to-critical-vulnerability-disclosure-check-point-alerts-organizations-to-prepare-now/…

Advisories

DSA-5273 webkit2gtk – security update

November 8, 2022

Read Time:3 Second

The following vulnerabilities have been discovered in the WebKitGTK
web engine:

Advisories

DSA-5274 wpewebkit – security update

November 8, 2022

Read Time:4 Second

The following vulnerabilities have been discovered in the WPE WebKit
web engine:

Advisories

USN-5658-2: DHCP vulnerabilities

November 7, 2022

Read Time:27 Second

USN-5658-1 fixed vulnerabilities in DHCP. This update provides
the corresponding updates for Ubuntu 16.04 ESM.

Original advisory details:

It was discovered that DHCP incorrectly handled option reference counting.
A remote attacker could possibly use this issue to cause DHCP servers to
crash, resulting in a denial of service. (CVE-2022-2928)

It was discovered that DHCP incorrectly handled certain memory operations.
A remote attacker could possibly use this issue to cause DHCP clients and
servers to consume resources, leading to a denial of service.
(CVE-2022-2929)

News

Vultur Android Banking Trojan Reaches 100,000+ Downloads on Google Play Store

November 7, 2022

Read Time:5 Second

The dropper hides behind a fake utility app with limited permissions and a small footprint

News

Medibank refuses to pay ransom after 9.7 million health insurance customers have their data stolen

November 7, 2022

Read Time:11 Second

Embattled Australian health insurer Medibank says that it will not pay a ransom to cyber extortionists who stolen the personal data of almost ten million customers.

Read more in my article on the Hot for Security blog.

News

CIS Benchmarks November 2022 Update

November 7, 2022

Read Time:6 Second

The CIS Benchmarks development team has been hard at work preparing several brand new Benchmarks and updates for November 2022.

News

Medibank Refuses to Pay Ransom After Data Breach

November 7, 2022

Read Time:4 Second

Medibank believes there is a limited chance paying a ransom would return customers’ data

Advisories

USN-5716-1: SQLite vulnerability

November 7, 2022

Read Time:10 Second

It was discovered that SQLite incorrectly handled certain long string
arguments. An attacker could use this issue to cause SQLite to crash,
resulting in a denial of service, or possibly execute arbitrary code.

Cyber Security News

Monthly Archives: November 2022

APPLE-SA-2022-11-01-1 Xcode 14.1

CVE-2022-3602 and CVE-2022-3786 Critical OpenSSL 3.0.x security vulnerabilities

DSA-5273 webkit2gtk – security update

DSA-5274 wpewebkit – security update

USN-5658-2: DHCP vulnerabilities

Vultur Android Banking Trojan Reaches 100,000+ Downloads on Google Play Store

Medibank refuses to pay ransom after 9.7 million health insurance customers have their data stolen

CIS Benchmarks November 2022 Update

Medibank Refuses to Pay Ransom After Data Breach

USN-5716-1: SQLite vulnerability

News, Advisories and much more