Read Time:5 Second
Newly registered and squatting domains related to ChatGPT grew by 910% between November and April
Daily Archives: April 20, 2023
US charges three men with six million dollar business email compromise plot
Read Time:13 Second
Three Nigerian nationals face charges in a US federal court related to a business email compromise (BEC) scam that is said to have stolen more than US $6 million from victims.
Read more in my article on the Tripwire State of Security blog.
LockBit ransomware for Mac – coming soon?
Read Time:9 Second
In the last couple of days it has become clear that the notorious LockBit ransomware gang has been exploring creating what could become a big headache for users of Mac computers.
#CYBERUK23: UK Strengthens Cybersecurity Audits for Government Agencies
Read Time:5 Second
GovAssure will mandate all UK government departments to go through annual independent, more robust security audits
MacStealer – newly-discovered malware steals passwords and exfiltrates data from infected Macs
Read Time:11 Second
I’m still encountering people who, even after all these years, believe that their Apple Mac computers are somehow magically invulnerable to ever being infected by malware.
Maybe details of this new Mac malware will change their mind…
webkitgtk-2.40.1-1.fc38
Read Time:48 Second
FEDORA-2023-5b61346bbe
Packages in this update:
webkitgtk-2.40.1-1.fc38
Update description:
The Bubblewrap sandbox no longer requires setting an application identifier via GApplication to operate correctly. Using GApplication is still recommended, but optional.
Adjust the scrolling speed for mouse wheels to make it feel more natural.
Allow pasting content using the Asynchronous Clipboard API when the origin is the same as the clipboard contents.
Improvements to the GStreamer multimedia playback, in particular around MSE, WebRTC, and seeking.
Make all supported image types appear in the Accept HTTP header.
Fix text caret blinking when blinking is disabled in the GTK settings.
Fix default database quota size definition.
Fix application of all caps tags listed in the font-feature-settings CSS property.
Fix font height calculations for the font-size-adjust CSS property.
Fix several crashes and rendering issues.
Security fixes: CVE-2022-0108, CVE-2022-32885, CVE-2023-25358, CVE-2023-27932, CVE-2023-27954, CVE-2023-28205
CVE-2022-24109
Read Time:16 Second
An issue was discovered in ONOS 2.5.1. To attack an intent installed by a normal user, a remote attacker can install a duplicate intent with a different key, and then remove the duplicate one. This will remove the flow rules of the intent, even though the intent still exists in the controller.
CVE-2022-24035
Read Time:13 Second
An issue was discovered in ONOS 2.5.1. The purge-requested intent remains on the list, but it does not respond to changes in topology (e.g., link failure). In combination with other applications, it could lead to a failure of network management.
CVE-2021-38364
Read Time:13 Second
An issue was discovered in ONOS 2.5.1. There is an incorrect comparison of flow rules installed by intents. A remote attacker can install or remove a new intent, and consequently modify or delete the existing flow rules related to other intents.
CVE-2021-38363
Read Time:12 Second
An issue was discovered in ONOS 2.5.1. In IntentManager, the install-requested intent (which causes an exception) remains in pendingMap (in memory) forever. Deletion is possible neither by a user nor by the intermittent Intent Cleanup process.