Graham Cluley Security News is sponsored this week by the folks at PureDome. Thanks to the great team there for their support! PureDome offers a secure, quick, reliable solution that enhances and safeguards business network security. With seamless deployment, you can effortlessly expand your corporate network without sacrificing performance. By consolidating critical aspects of user … Continue reading “Protect your business network with PureDome”
Daily Archives: May 29, 2023
USN-6005-2: Sudo vulnerabilities
USN-6005-1 fixed vulnerabilities in Sudo. This update
provides the corresponding updates for Ubuntu 16.04 LTS.
Original advisory details:
Matthieu Barjole and Victor Cutillas discovered that Sudo incorrectly
escaped control characters in log messages and sudoreplay output. An
attacker could possibly use these issues to inject terminal control
characters that alter output when being viewed.
New phishing technique poses as a browser-based file archiver
A new phishing technique can leverage the “file archiver in browser” exploit to emulate an archiving software in the web browser when a victim visits a .zip domain, according to a security researcher identifying as mr.d0x.
The attacker essentially simulates a file archiving software like WinRAR in the browser and masks it under the .zip domain to stage the phishing attack.
“Performing this attack first requires you to emulate a file archive software using HTML/CSS,” said mr.d0x in a blog post. “I’ve uploaded two samples to my GitHub for anyone to use. While the first one emulates the WinRAR file archive utility, the other one emulates the Windows 11 File Explorer window.”
USN-6110-1: Jhead vulnerabilities
It was discovered that Jhead did not properly handle certain crafted Canon
images when processing them. An attacker could possibly use this issue to
crash Jhead, resulting in a denial of service. (CVE-2021-3496)
It was discovered that Jhead did not properly handle certain crafted images
when printing Canon-specific information. An attacker could possibly use this
issue to crash Jhead, resulting in a denial of service. (CVE-2021-28275)
It was discovered that Jhead did not properly handle certain crafted images
when removing unknown sections. An attacker could possibly use this issue to
crash Jhead, resulting in a denial of service. (CVE-2021-28275)
Kyle Brown discovered that Jhead did not properly handle certain crafted
images when editing their comments. An attacker could possibly use this to
crash Jhead, resulting in a denial of service. (LP: #2020068)
Insider risk management: Where your program resides shapes its focus
There’s no getting around it, I am long in the tooth and have been dealing with individuals who break trust within their work environment for more than 30 years, both in government (where we called it counterespionage or counterintelligence) and in the private sector.
Today we call programs that help prevent or identify breaches of trust insider risk management (IRM). Over the years I have hypothesized that where such IRM programs reside within an organization will have a material impact on its focus and possibly its overall effectiveness.
In 2019, a CSO article raised the question “Insider risk management — who’s the boss?” and examined where the buck should stop in terms of taking responsibility for threats from within. Here we are four years later and the predicted growth of the role of an individual with a unique focus on the “insider threat” or “insider risk management” program hasn’t yet settled — it continues to evolve.
USN-6097-1: Linux PTP vulnerability
It was discovered that Linux PTP did not properly perform a length check
when forwarding a PTP message between ports. A remote attacker could
possibly use this issue to access sensitive information, execute
arbitrary code, or cause a denial of service.