News

Agenda Ransomware Switches to Rust to Attack Critical Infrastructure

December 16, 2022

Read Time:3 Second

Victim companies have a combined revenue of around $550m

USN-5783-1: Linux kernel (OEM) vulnerability

December 16, 2022

Read Time:12 Second

Tamás Koczka discovered that the Bluetooth L2CAP handshake implementation
in the Linux kernel contained multiple use-after-free vulnerabilities. A
physically proximate attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code.

News

Meta’s Bug Bounty Program Shows $2m Awarded in 2022

December 16, 2022

Read Time:4 Second

The total amount since the program’s establishment in 2011 is reportedly $16m

Advisories

CVE-2021-35252 (serv-u)

December 16, 2022

Read Time:10 Second

Common encryption key appears to be used across all deployed instances of Serv-U FTP Server. Because of this an encrypted value that is exposed to an attacker can be simply recovered to plaintext.

News

Social Blade Confirms Data Breach Exposing PII on the Dark Web

December 16, 2022

Read Time:4 Second

The company confirmed the data does not include any credit card information

News

Data breach at Social Blade confirmed. Hacker offers to sell database on underground website

December 16, 2022

Read Time:12 Second

Social media analytics service Social Blade has confirmed that it is investigating a security breach, after a hacker offered its user database for sale on an underground criminal website.

Read more in my article on the Hot for Security blog.

Advisories

CVE-2021-28655

December 16, 2022

Read Time:11 Second

The improper Input Validation vulnerability in “â€�Move folder to Trashâ€� feature of Apache Zeppelin allows an attacker to delete the arbitrary files. This issue affects Apache Zeppelin Apache Zeppelin version 0.9.0 and prior versions.

Advisories

mod_auth_openidc-2.4.12.2-1.fc36

December 16, 2022

Read Time:10 Second

FEDORA-2022-6beaa3bd0c

Packages in this update:

mod_auth_openidc-2.4.12.2-1.fc36

Update description:

CVE-2022-23527 mod_auth_openidc: Open Redirect in oidc_validate_redirect_url() using tab character

Advisories

mod_auth_openidc-2.4.12.2-1.fc37

December 16, 2022

Read Time:10 Second

FEDORA-2022-e139408490

Packages in this update:

mod_auth_openidc-2.4.12.2-1.fc37

Update description:

CVE-2022-23527 mod_auth_openidc: Open Redirect in oidc_validate_redirect_url() using tab character

Advisories

mod_auth_openidc-2.4.12.2-1.fc38

December 16, 2022

Read Time:22 Second

FEDORA-2022-105be2997e

Packages in this update:

mod_auth_openidc-2.4.12.2-1.fc38

Update description:

Automatic update for mod_auth_openidc-2.4.12.2-1.fc38.

Changelog

* Fri Dec 16 2022 Tomas Halman <thalman@redhat.com> – 2.4.12.2-1
Rebase to 2.4.12.2 version
– Resolves: rhbz#2153658 – CVE-2022-23527 mod_auth_openidc: Open Redirect in
oidc_validate_redirect_url() using tab character

Cyber Security News

Daily Archives: December 16, 2022

Agenda Ransomware Switches to Rust to Attack Critical Infrastructure

USN-5783-1: Linux kernel (OEM) vulnerability

Meta’s Bug Bounty Program Shows $2m Awarded in 2022

CVE-2021-35252 (serv-u)

Social Blade Confirms Data Breach Exposing PII on the Dark Web

Data breach at Social Blade confirmed. Hacker offers to sell database on underground website

CVE-2021-28655

mod_auth_openidc-2.4.12.2-1.fc36

FEDORA-2022-6beaa3bd0c

Packages in this update:

Update description:

mod_auth_openidc-2.4.12.2-1.fc37

FEDORA-2022-e139408490

Packages in this update:

Update description:

mod_auth_openidc-2.4.12.2-1.fc38

FEDORA-2022-105be2997e

Packages in this update:

Update description:

Changelog

News, Advisories and much more