A new ransomware group dubbed Royal that formed earlier this year has significantly ramped up its operations over the past few months and developed its own custom ransomware program that allows attackers to perform flexible and fast file encryption. “The Royal ransomware group emerged in early 2022 and has gained momentum since the middle of the year,” researchers from security firm Cybereason said in a new report. “Its ransomware, which the group deploys through different TTPs, has impacted multiple organizations across the globe. The group itself is suspected of consisting of former members of other ransomware groups, based on similarities researchers have observed between Royal ransomware and other ransomware operators.”
Daily Archives: December 14, 2022
Hacking Boston’s CharlieCard
Interesting discussion of vulnerabilities and exploits against Boston’s CharlieCard.
thunderbird-102.6.0-1.fc36
FEDORA-2022-ec24876dcb
Packages in this update:
thunderbird-102.6.0-1.fc36
Update description:
Update to 102.6.0 ;
https://www.mozilla.org/en-US/security/advisories/mfsa2022-53/ ;
https://www.thunderbird.net/en-US/thunderbird/102.6.0/releasenotes/
thunderbird-102.6.0-1.fc37
FEDORA-2022-d9231be2fd
Packages in this update:
thunderbird-102.6.0-1.fc37
Update description:
Update to 102.6.0 ;
https://www.mozilla.org/en-US/security/advisories/mfsa2022-53/ ;
https://www.thunderbird.net/en-US/thunderbird/102.6.0/releasenotes/
New Google Tool Helps Devs Root Out Open Source Bugs
How acceptable is your acceptable use policy?
In a world before smartphones, social media, and hybrid workplaces, an acceptable use policy was a lot easier to write—and to enforce. These days, it’s a lot more complicated. Work can take place almost anywhere, on any number of devices. An employee can accept a job and then never physically set foot in the office, working from home (or the Caribbean) on their personal laptop. That’s why an acceptable use policy, or AUP, is more critical than ever—not just to protect the organization, but to protect employees as well.
What is an acceptable use policy?
From an IT perspective, an AUP outlines the acceptable use of corporate data, devices, and networks. In a hybrid workplace, that policy should also include terms and conditions for working on personal devices or home networks. And it should include guests, gig workers, contractors, and other non-employees who use company systems and networks.
Loan Fee Fraud Surges by a Fifth as Christmas Approaches
Two Zero-Days Fixed in December Patch Tuesday
Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution.
Multiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for arbitrary code execution.
Experience Manager is a comprehensive content management solution for building websites, mobile apps and forms
Illustrator is a vector graphics editor and design program.
Adobe Campaign is a marketing automation platform used in email automation, delivery and reporting.
Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution
Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Google Chrome is a web browser used to access the internet. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.