Read Time:7 Second
FEDORA-2023-f5d075f7f2
Packages in this update:
tkimg-1.4.14-3.fc37
Update description:
Apply upstream libtiff fix for CVE-2022-4645
Monthly Archives: March 2023
tkimg-1.4.14-3.fc36
Read Time:7 Second
FEDORA-2023-40b675d7ae
Packages in this update:
tkimg-1.4.14-3.fc36
Update description:
Apply upstream libtiff fix for CVE-2022-4645
Sharp Panda Target Southeast Asia in Espionage Campaign Expansion
Read Time:5 Second
New campaign leverages a new version of the SoulSearcher loader and the Soul modular framework
Shein App Accessed Clipboard Data on Android Devices
Ransomware Attack Against Barcelona Hospital Disrupts Operations
Read Time:4 Second
A Catalonia government statement attributed the attack to the threat actor known as RansomHouse
CVE-2020-36670
Read Time:22 Second
The NEX-Forms. plugin for WordPress is vulnerable to unauthorized disclosure and modification of data in versions up to, and including 7.7.1 due to missing capability checks on several AJAX actions. This makes it possible for authenticated attackers with subscriber level permissions and above to invoke these functions which can be used to perform actions like modify form submission records, deleting files, sending test emails, modifying plugin settings, and more.
Russia’s Cyber Tactics in Ukraine Shift to Focus on Espionage
Read Time:6 Second
Russian state-backed hackers is shifting from disruption tactics, with the likes of wiper attacks, to cyber espionage
USN-5933-1: Libtpms vulnerabilities
Read Time:20 Second
Francisco Falcon discovered that Libtpms did not properly manage memory
when performing certain cryptographic operations. An attacker could
possibly use this issue to cause a denial of service, or possibly execute
arbitrary code. (CVE-2023-1017, CVE-2023-1018)
It was discovered that Libtpms did not properly manage memory when
handling certain commands. An attacker could possibly use this issue
to cause a denial of service.
CVE-2015-10087
Read Time:29 Second
** UNSUPPPORTED WHEN ASSIGNED **** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in UpThemes Theme DesignFolio Plus 1.2 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 53f6ae62878076f99718e5feb589928e83c879a9. It is recommended to apply a patch to fix this issue. The identifier VDB-221809 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Attack campaign uses PHP-based infostealer to target Facebook business accounts
Read Time:43 Second
Over the past year, a group of attackers has targeted Facebook business account owners by spreading information stealing malware through malicious Google ads or fake Facebook profiles. The infection chain uses DLL sideloading via legitimate apps, as well as self-contained executable files written in various programming languages such as Rust, Python, and PHP.
“We have seen SYS01stealer attacking critical government infrastructure employees, manufacturing companies, and other industries,” researchers from security firm Morphisec said in a new report. “The threat actors behind the campaign are targeting Facebook business accounts by using Google ads and fake Facebook profiles that promote things like games, adult content, and cracked software, etc. to lure victims into downloading a malicious file. The attack is designed to steal sensitive information, including login data, cookies, and Facebook ad and business account information.”