Read Time:11 Second
FEDORA-EPEL-2023-1e00c3d01e
Packages in this update:
cutter-re-2.2.0-1.el8
rizin-0.5.1-1.el8
Update description:
rebase rizin to v0.5.1 and cutter-re to 0.2.0
Daily Archives: March 15, 2023
Cybercriminals target SVB customers with BEC and cryptocurrency scams
Read Time:37 Second
Cybercriminals have started taking advantage of Silicon Valley Bank’s (SVB) downfall to carrying out scams that can steal money, and bank account information, or infect customers’ systems with malware.
SVB was shut down on March 10 by the California Department of Financial Protection and Innovation, after the bank failed to raise capital to keep running.
SVB customers are expected to transfer their financial operations to other banks in the coming weeks. This means these customers will receive notifications including the new bank account numbers from their new bank. Hackers are using this as an opportunity by posing as banks and carrying out phishing and business email compromise (BEC) campaigns, targeting SVB customers.
Palo Alto announces new SD-WAN features for IoT security, compliance support
Read Time:41 Second
Cybersecurity vendor Palo Alto has announced new software-defined wide area network (SD-WAN) features in its Prisma SASE solution for IoT device security and to help customers meet industry-specific security compliance requirements. It has also announced advanced URL filtering for the prevention of unknown and evasive man-in-the-middle (MitM) and SaaS platform phishing attacks.
SD-WAN for IoT security provides device visibility, prevents threats
Prisma SD-WAN with integrated IoT security enables accurate detection and identification of branch IoT devices, Palo Alto stated. It allows customers to enable security controls from within the familiar cloud management for Prisma SASE without the need for additional appliances and sensors to be deployed in the network in order to gain visibility into IoT devices and prevent threats.
USN-5955-1: Emacs vulnerability
Read Time:10 Second
It was discovered that Emacs did not properly manage certain files when
using htmlfontify functionality. A local attacker could possibly use this
issue to cause a denial of service, or possibly execute arbitrary commands.
Why Your Organization Needs a Cybersecurity Roadmap
Read Time:7 Second
To minimize the risk of a data breach, you need to be strategic and plan out your cybersecurity journey by creating a cybersecurity roadmap.[…]
USN-5952-1: OpenJPEG vulnerabilities
Read Time:51 Second
Sebastian Poeplau discovered that OpenJPEG incorrectly handled certain inputs.
If a user or an automated system were tricked into opening a specially crafted
input file, a remote attacker could possibly use this issue to cause a denial
of service or execute arbitrary code. This issue only affected Ubuntu 18.04
LTS. (CVE-2020-6851, CVE-2020-8112)
It was discovered that OpenJPEG incorrectly handled certain inputs. If a user
or an automated system were tricked into opening a specially crafted input
file, a remote attacker could possibly use this issue to cause a denial of
service or execute arbitrary code. This issue only affected Ubuntu 18.04 LTS.
(CVE-2020-15389, CVE-2020-27814, CVE-2020-27823, CVE-2020-27824,
CVE-2020-27841, CVE-2020-27845)
It was discovered that OpenJPEG incorrectly handled certain inputs. If a user
or an automated system were tricked into opening a specially crafted input
file, a remote attacker could possibly use this issue to cause a denial of
service. (CVE-2020-27842, CVE-2020-27843)
USN-5954-1: Firefox vulnerabilities
Read Time:1 Minute, 0 Second
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2023-25750,
CVE-2023-25752, CVE-2023-28162, CVE-2023-28176, CVE-2023-28177)
Lukas Bernhard discovered that Firefox did not properly manage memory
when invalidating JIT code while following an iterator. An attacker could
potentially exploits this issue to cause a denial of service.
(CVE-2023-25751)
Rob Wu discovered that Firefox did not properly manage the URLs when
following a redirect to a publicly accessible web extension file. An
attacker could potentially exploits this to obtain sensitive information.
(CVE-2023-28160)
Luan Herrera discovered that Firefox did not properly manage cross-origin
iframe when dragging a URL. An attacker could potentially exploit this
issue to perform spoofing attacks. (CVE-2023-28164)
Khiem Tran discovered that Firefox did not properly manage one-time
permissions granted to a document loaded using a file: URL. An attacker
could potentially exploit this issue to use granted one-time permissions
on the local files came from different sources. (CVE-2023-28161)
UK Bank Limits Crypto Payments to Smother Fraud
Beyond Identity launches Zero Trust Authentication to align verification with zero-trust principles
Read Time:26 Second
Multifactor authentication (MFA) provider Beyond Identity has announced the launch of Zero Trust Authentication — a sub-category of zero trust security that the firm says aligns verification with zero-trust principles. Zero Trust Authentication has several key features including passwordless capability and phishing resistance that allow businesses to verify the identities of people and devices with zero-trust-level certainty, according to Beyond Trust. Without such enhanced verification capacities, organizations cannot truly implement zero trust security, it said.