Read Time:4 Second
jhead 3.06 is vulnerable to Buffer Overflow via exif.c in function Put16u.
Monthly Archives: November 2022
Black Basta Ransomware Attacks Linked to FIN7 Threat Actor
Read Time:6 Second
The hacker behind a tool used by Black Basta had access to the source code used by FIN7
Geopolitics plays major role in cyberattacks, says EU cybersecurity agency
Read Time:34 Second
The ongoing Russia-Ukraine conflict has resulted in an increase in hacktivist activity in the past year, with state-sponsored threat actors targeting 128 governmental organizations in 42 countries that support Ukraine, according to the European Union Agency for Cybersecurity (ENISA).
In addition, some threat actors targeted Ukrainian and Russian entities during the early days of the conflict, likely for the collection of intelligence, according to the 10th edition of the ENISA threat landscape report. The report—this year titled Volatile Geopolitics Shake the Trends of the 2022 Cybersecurity Threat Landscape—notes that in general, geopolitical situations continue to have a high impact on cybersecurity.
LockBit Claims Ransomware Attack on Continental
BEC Group Crimson Kingsnake Linked to 92 Malicious Domains
Read Time:5 Second
The group impersonated 19 law firms and debt collection agencies in the US, UK and Australia
NSA on Supply Chain Security
Read Time:57 Second
The NSA (together with CISA) has published a long report on supply-chain security: “Securing the Software Supply Chain: Recommended Practices Guide for Suppliers.“:
Prevention is often seen as the responsibility of the software developer, as they are required to securely develop and deliver code, verify third party components, and harden the build environment. But the supplier also holds a critical responsibility in ensuring the security and integrity of our software. After all, the software vendor is responsible for liaising between the customer and software developer. It is through this relationship that additional security features can be applied via contractual agreements, software releases and updates, notifications and mitigations of vulnerabilities.
Software suppliers will find guidance from NSA and our partners on preparing organizations by defining software security checks, protecting software, producing well-secured software, and responding to vulnerabilities on a continuous basis. Until all stakeholders seek to mitigate concerns specific to their area of responsibility, the software supply chain cycle will be vulnerable and at risk for potential compromise.
They previously published “Securing the Software Supply Chain: Recommended Practices Guide for Developers.” And they plan on publishing one focused on customers.
vim-9.0.828-1.fc35
Read Time:9 Second
FEDORA-2022-3d354ef0fb
Packages in this update:
vim-9.0.828-1.fc35
Update description:
Security fix for CVE-2022-3705
2139842 – vim upgrade broke :! for displaying terminal output
“Disturbing” Rise in Nation State Activity, Microsoft Reports
Read Time:5 Second
The proportion of cyber-attacks perpetrated by nation states targeting critical infrastructure jumped from 20% to 40%
CVE-2021-41574
Read Time:8 Second
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn. Further investigation showed that it was not a vulnerability. Notes: none.
CVE-2021-34686
Read Time:8 Second
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn. Further investigation showed that it was not a vulnerability. Notes: none.