USN-5855-3: ImageMagick regression

Read Time:25 Second

USN-5855-2 fixed vulnerabilities in ImageMagick. Unfortunately an additional
mitigation caused a regression. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

It was discovered that ImageMagick incorrectly handled certain PNG images.
If a user or automated system were tricked into opening a specially crafted
PNG file, an attacker could use this issue to cause ImageMagick to stop
responding, resulting in a denial of service, or possibly obtain the
contents of arbitrary files by including them into images.

Read More

German Police Raid DDoS-Friendly Host ‘FlyHosting’

Read Time:2 Minute, 42 Second

Authorities in Germany this week seized Internet servers that powered FlyHosting, a dark web offering that catered to cybercriminals operating DDoS-for-hire services, KrebsOnSecurity has learned. FlyHosting first advertised on cybercrime forums in November 2022, saying it was a Germany-based hosting firm that was open for business to anyone looking for a reliable place to host malware, botnet controllers, or DDoS-for-hire infrastructure.

A seizure notice left on the FlyHosting domains.

A statement released today by the German Federal Criminal Police Office says they served eight search warrants on March 30, and identified five individuals aged 16-24 suspected of operating “an internet service” since mid-2021. The German authorities did not name the suspects or the Internet service in question.

“Previously unknown perpetrators used the Internet service provided by the suspects in particular for so-called ‘DDoS attacks’, i.e. the simultaneous sending of a large number of data packets via the Internet for the purpose of disrupting other data processing systems,” the statement reads.

News of a raid on FlyHosting first surfaced Thursday in a Telegram chat channel that is frequented by people interested or involved in the DDoS-for-hire industry, where a user by the name Dstatcc broke the news to Fly Hosting customers:

“So Flyhosting made a ‘migration’ with it[s] systems to new rooms of the police ;),” the warning read. “Police says: They support ddos attacks, C&C/C2 and stresser a bit too much. We expect the police will take a deeper look into the files, payment logs and IP’s. If you had a server from them and they could find ‘bad things’ connected with you (payed with private paypal) you may ask a lawyer.”

An ad for FlyHosting posted by the the user “bnt” on the now-defunct cybercrime forum BreachForums. Image: Ke-la.com.

The German authorities said that as a result of the DDoS attacks facilitated by the defendants, the websites of various companies as well as those of the Hesse police have been overloaded in several cases since mid-2021, “so that they could only be operated to a limited extent or no longer at times.”

The statement says police seized mobile phones, laptops, tablets, storage media and handwritten notes from the unnamed defendants, and confiscated servers operated by the suspects in Germany, Finland and the Netherlands.

KrebsOnSecurity has asked the German police for more information about the target of their raids. This post will be updated in the event they respond.

The apparent raids on FlyHosting come amid a broader law enforcement crackdown on DDoS-for-hire services internationally. The U.K.’s National Crime Agency announced last week that it’s been busy setting up phony DDoS-for-hire websites that seek to collect information on users, remind them that launching DDoS attacks is illegal, and generally increase the level of paranoia for people looking to hire such services.

In mid-December 2022, the U.S. Department of Justice (DOJ) announced “Operation Power Off,” which seized four-dozen DDoS-for-hire domains responsible for more than 30 million DDoS attacks, and charged six U.S. men with computer crimes related to their alleged ownership of popular DDoS-for-hire services.

Read More

From Workshops to Leader Panels: A Recap of Women’s History Month at McAfee

Read Time:2 Minute, 37 Second

From Workshops to Leader Panels: A Recap of Women’s History Month at McAfee

March is Women’s History Month and International Women’s Day, and at McAfee, we partnered with McAfee Women in Cyber Security (WISE) Community to organize opportunities to learn from each other, find inspiration in shared experiences, and forge new connections.

Speaker events throughout the month opened the door for discussions about inclusion and equity. With awareness, we can make a difference. Check out what we’ve been up to.

We joined a panel discussion: A Leader’s Lens on Equity

Team McAfee joined a discussion with McAfee leaders. The conversation focused on the challenges women often face and issues of equity. Panelists shared their personal experiences and learning, and we explored how we can embrace and advance equity in our workplace. We discussed what it means to be truly inclusive and how we can continuously improve — we all have a part to play.

Here are just a few snippets from the panelists on how we can embrace equity:

“Embracing equity requires action – be an ally and give everyone at the table a voice.”

​​​​​​​- Jennifer Biry, Chief Financial Officer

“We all have a responsibility to identify inequality. Speak up and give everyone a chance to be successful.”

– Vonny Gamot, VP of Sales​​​​​​​

“It takes all of us. Be aware of behaviors that prevent voices from being heard and then address it with honestly.”

– Steve Grobman, Chief Technology Officer

“Not treating people equitably impacts people at their core.”

– Tina Muller, VP of Operations and Chief of Staff

“If we are to make dent in equity, it’s up to men and women to clear a path.”

– Jeff Ryan, Chief People Officer

“Our job doesn’t end with opportunities. It extends to providing the right support and tools.”

– Arati Sankhe, ​​​​​​​Sr Dir, Software Engineering


We listened to Jacqueline Tame’s Story on redefining roles and careers

Jacqueline Tame, Director of Government Affairs for PsiQuantum and senior advisor to the Chief Digital and AI Officer of the U.S. Department of Defense, joined Team McAfee to round-up the month. Jacqueline shared her personal and professional challenges, how she overcame them, and how they shaped her into the woman and professional she is today.

 

We tuned into a workshop rich with insights

Binda Bhati, a human and organizational psychologist with over 20 years of experience, led a workshop about unconscious minimizers. She provided amazing insights on how women can identify and redefine their identities, combat imposter syndrome, and be more confident in their abilities.

WISE Community workshop focused on Unconscious Minimizers with Binda Bhati

We continue to advance equity and inclusion

McAfee continues to celebrate our women and reinforce our company-wide commitment of fostering an inclusive place to work beyond Women’s History Month. We’re proud of our record of supporting women in the workplace — including four years of pay parity — and we’ll continue to do our part to create a culture where everyone feels valued and respected.

The post From Workshops to Leader Panels: A Recap of Women’s History Month at McAfee appeared first on McAfee Blog.

Read More