dcmtk-3.6.7-3.fc39

Read Time:15 Second

FEDORA-2023-29c8c2d740

Packages in this update:

dcmtk-3.6.7-3.fc39

Update description:

Automatic update for dcmtk-3.6.7-3.fc39.

Changelog

* Thu Mar 2 2023 Carl George <carl@george.computer> – 3.6.7-3
– Backport fix for CVE-2022-43272, resolves rhbz#2150930

Read More

USN-5482-2: SPIP vulnerabilities

Read Time:50 Second

USN-5482-1 fixed several vulnerabilities in SPIP. This update provides
the corresponding updates for Ubuntu 20.04 LTS for CVE-2021-44118,
CVE-2021-44120, CVE-2021-44122 and CVE-2021-44123.

Original advisory details:

It was discovered that SPIP incorrectly validated inputs. An authenticated
attacker could possibly use this issue to execute arbitrary code.
This issue only affected Ubuntu 18.04 LTS. (CVE-2020-28984)

Charles Fol and Théo Gordyjan discovered that SPIP is vulnerable to Cross
Site Scripting (XSS). If a user were tricked into browsing a malicious SVG
file, an attacker could possibly exploit this issue to execute arbitrary
code. This issue was only fixed in Ubuntu 21.10. (CVE-2021-44118,
CVE-2021-44120, CVE-2021-44122, CVE-2021-44123)

It was discovered that SPIP incorrectly handled certain forms. A remote
authenticated editor could possibly use this issue to execute arbitrary code,
and a remote unauthenticated attacker could possibly use this issue to obtain
sensitive information. (CVE-2022-26846, CVE-2022-26847)

Read More

Best and worst data breach responses highlight the do’s and don’ts of IR

Read Time:46 Second

In theory, enterprises should not only have security measures in place to prevent a data breach but should also have detailed plans for a response in the event of a breach. And they should periodically conduct drills to test those plans.

Industry-wide best practices for incident response are well established. “In general, you want breach responses to be fairly timely, transparent, communicate with victims in a timely manner, prevent further harm to victims as best as they can do that, and tell stakeholders what they are doing to mitigate future attacks,” says Roger Grimes, data-driven defense evangelist at KnowBe4.

However, as former heavyweight fighter Mike Tyson once said, “Everyone has a plan until they get punched in the mouth.” In other words, when a company gets hit with a serious data breach, the best-laid plans often go out the window.

To read this article in full, please click here

Read More

Malware: 5 Tips for Fighting the Malicious Software

Read Time:3 Minute, 50 Second

Malware—the term seems to be at the center of the news every day, with each headline telling of a new way the cyber threat has inserted itself into our lives. From an entire attack campaign on banks worldwide, to a strain residing within medical devices, to a variant that has learned to self-heal, the list of malware-based attacks goes on. And as they do, it’s becoming more and more clear that today’s malware has not only become adaptive, but has learned how to spread its wings further than before, to devices beyond laptops and phones, and in a way that creates a longevity behind each cyberattack it spearheads.

However, though it is important to understand the many forms that malware, or malicious software, takes, it’s crucial to first and foremost grasp what it is.

What is Malware?

The abbreviated term for malicious software, “malware,” is a generic term used to describe any type of software or code specifically designed to exploit a computer/mobile device or the data it contains, without consent. Most malware is designed to have some financial gain for the cybercriminal, as crooks typically use it to extract data that they can leverage over victims. That information can range anywhere from financial data, to healthcare records, to personal emails and passwords—the possibilities of what sort of information can be compromised have become endless.

How Malware Spreads

So how exactly can these cybercriminals get their hands on so much data? Since its birth over 30 years ago, malware has found a variety of vessels to help it enact attacks. This includes email attachments, malicious advertisements on popular sites (malvertising), fake software installations, USB drives, infected apps, phishing emails, and even text messages.

Types of Malware

Now, these are just a few of the ways malicious software can be delivered–but there are also different kinds of malware itself. To name a few:

Viruses. Almost always attached in a file, this malware variant usually comes as a document in an email that holds a virus payload (the part of malware that performs the malicious action). Once the victim opens the file, boom—infected.

Worms. This malware strain doesn’t require user interaction or even a file to attack. Instead, worms have the ability to copy themselves from machine to machine, usually by exploiting some sort of security weakness in a software or operating system.

Trojans. This type of malware is the most commonly leveraged by cybercriminals, as of late. Trojans masquerade as harmless applications (for example, those you’d use on your phone), tricking users into downloading and using them. Once up and running, they then can steal personal data, crash a device, spy on the someone’s activities, or even launch a DDoS attack.

Ransomware. One of the most profitable, and therefore one of the most popular, of malware types amongst cybercriminals is ransomware. This variant simply installs itself onto a victim’s machine, encrypts their files, and then turns around and demands a ransom (usually in Bitcoin) to return that data to the user.

How You Can Fight Back

Now that you know what malware is, how it can be delivered, and the many forms it takes, it’s time to learn how you can protect yourself against it:

Keep your operating system and applications updated. Cybercriminals look for vulnerabilities in old or outdated software to capitalize on, so make sure you install updates as soon as they become available since they can close security holes that may have been exposed.

Avoid clicking on unknown links. Whether it comes via email, a social networking site, or a text message, if a link seems unfamiliar, keep away from it. This especially goes for links that come from someone you don’t know.

Be selective about which sites you visit. Do your best to only use known and trusted sites, as well as using comprehensive security packages such as  McAfee Ultimate, to avoid any sites that may in fact be malicious without your knowing.  

Same goes for what apps you download. When looking for your next favorite app, make sure you only download something that checks out. Read app reviews, utilize only official app stores, and if something comes off as remotely fishy, steer clear.

Be alert. Cybercriminals depend on laziness and inattentiveness–so prove them wrong. Don’t believe manipulative emails, don’t leave your computer unattended, and most importantly, stay educated on the kinds of malware that could come your way.

 

The post Malware: 5 Tips for Fighting the Malicious Software appeared first on McAfee Blog.

Read More

Smashing Security podcast #311: TikTok, wiretapping, and your deepfake voice is your password

Read Time:19 Second

Who has been warning Italian criminals that their phones are wiretapped? Can you trust your voice to protect your bank account? And why is TikTok being singled out by investigators?

All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Dinah Davis.

Read More