CVE-2021-20257

Read Time:19 Second

An infinite loop flaw was found in the e1000 NIC emulator of the QEMU. This issue occurs while processing transmits (tx) descriptors in process_tx_desc if various descriptor fields are initialized with invalid values. This flaw allows a guest to consume CPU cycles on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.

Read More

CVE-2021-20180

Read Time:15 Second

A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerability is to confidentiality.

Read More

CVE-2021-0957

Read Time:14 Second

In NotificationStackScrollLayout of NotificationStackScrollLayout.java, there is a possible way to bypass Factory Reset Protections. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-193149550

Read More

CVE-2020-25721

Read Time:10 Second

Kerberos acceptors need easy access to stable AD identifiers (eg objectSid). Samba as an AD DC now provides a way for Linux applications to obtain a reliable SID (and samAccountName) in issued tickets.

Read More

openvpn-2.5.6-1.fc35

Read Time:18 Second

FEDORA-2022-a9bd17092d

Packages in this update:

openvpn-2.5.6-1.fc35

Update description:

This is a maintenance release of OpenVPN 2.5 with a security fix when used in server mode (CVE-2022-0547). The other changes are available in Changes.rst.

NOTE Please read the CVE description carefully if you use authentication plug-ins with a server configuration.

Read More

openvpn-2.5.6-1.fc34

Read Time:18 Second

FEDORA-2022-7d46acce7c

Packages in this update:

openvpn-2.5.6-1.fc34

Update description:

This is a maintenance release of OpenVPN 2.5 with a security fix when used in server mode (CVE-2022-0547). The other changes are available in Changes.rst.

NOTE Please read the CVE description carefully if you use authentication plug-ins with a server configuration.

Read More

openvpn-2.5.6-1.fc36

Read Time:18 Second

FEDORA-2022-cb4c1146dc

Packages in this update:

openvpn-2.5.6-1.fc36

Update description:

This is a maintenance release of OpenVPN 2.5 with a security fix when used in server mode (CVE-2022-0547). The other changes are available in Changes.rst.

NOTE Please read the CVE description carefully if you use authentication plug-ins with a server configuration.

Read More

New ransomware LokiLocker bundles destructive wiping component

Read Time:40 Second

A new ransomware operation dubbed LokiLocker has slowly been gaining traction since August among cybercriminals, researchers warn. The malicious program uses a relatively rare code obfuscation technique and includes a file wiper component that attackers could use against non-compliant victims.

“​​LokiLocker is a relatively new ransomware family targeting English-speaking victims and Windows PCs. The threat was first seen in the wild in mid-August 2021,” researchers from BlackBerry’s Research & Intelligence Team said in a new report. “It shouldn’t be confused with an older ransomware family called Locky, which was notorious in 2016, or LokiBot, which is an infostealer. It shares some similarities with the LockBit ransomware (registry values, ransom note filename), but it doesn’t seem to be its direct descendant.”

To read this article in full, please click here

Read More

Cloudflare unveils email security tools, free WAF ruleset, and API gateway

Read Time:33 Second

Cloudflare is bolstering its suite of web infrastructure and security offerings with a free WAF (web application firewall) managed ruleset service, a new API management gateway, and — once it closes its recently announced acquisition of Area 1 Security — a set of email tools designed to thwart phishing and malware attacks.

Cloudflare announced at the end of February that it would pay $162 million to acquire Area 1, which has developed a cloud-native security platform designed to use machine learning to detect and block phishing and malware attacks. The deal is expected to close at the beginning of the second quarter.

To read this article in full, please click here

Read More

USN-5331-1: tcpdump vulnerabilities

Read Time:17 Second

It was discovered that tcpdump incorrectly handled certain inputs.
An attacker could possibly use this issue to cause a denial of service,
or possibly execute arbitrary code. (CVE-2018-16301)

It was discovered that tcpdump incorrectly handled certain captured data.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2020-8037)

Read More