USN-6105-1: ca-certificates update

The ca-certificates package contained outdated CA certificates. This update
refreshes the included certificates to those contained in the 2.60 version
of the Mozilla certificate authority bundle.

USN-6104-1: PostgreSQL vulnerabilities

Alexander Lakhin discovered that PostgreSQL incorrectly handled certain
CREATE privileges. An authenticated user could possibly use this issue to
execute arbitrary code as the bootstrap superuser. (CVE-2023-2454)

Wolfgang Walther discovered that PostgreSQL incorrectly handled certain row
security policies. An authenticated user could possibly use this issue to
complete otherwise forbidden reads and modifications. (CVE-2023-2455)

c-ares-1.19.1-1.fc37

FEDORA-2023-ae97529c00

Packages in this update:

c-ares-1.19.1-1.fc37

Update description:

Update to 1.19.1. Fixes CVE-2023-32067, CVE-2023-31130, CVE-2023-31147, CVE-2023-31124

c-ares-1.19.1-1.fc38

FEDORA-2023-520848815b

Packages in this update:

c-ares-1.19.1-1.fc38

Update description:

Update to 1.19.1. Fixes CVE-2023-32067, CVE-2023-31130, CVE-2023-31147, CVE-2023-31124

New hyperactive phishing campaign uses SuperMailer templates: Report

SuperMailer, a legitimate email newsletter program, is being abused by threat actors to conduct a high-volume credential harvesting campaign, according to network security firm Cofense.

“The SuperMailer-generated emails have been reaching inboxes at an increasingly remarkable volume,” Brah Haas, cyber threat intelligence analyst at Cofense, said in a blog post. “Emails containing the unique SuperMailer string barely registered in January and February, but in the first half of May they accounted for over 5% of credential phishing emails.”

US sanctions four North Korean entities for global cyberattacks

The US Department of Treasury has imposed sanctions on four entities and one individual involved in malicious online activities and illicit revenue generation that fund the activities of the Democratic People’s Republic of Korea (North Korea).

The entities and individual sanctioned are the Pyongyang University of Automation, the RGB’s Technical Reconnaissance Bureau, the 110th Research Center cybersecurity unit, Chinyong Information Technology Cooperation Company, and North Korean national Kim Sang Man, the US Department of State said in a press statement.

USN-6103-1: JSON Schema vulnerability

It was discovered that JSON Schema incorrectly handled certain inputs. If a
user or an automated system were tricked into opening a specially crafted
input file, a remote attacker could possibly use this issue to exploit
JavaScript runtimes and cause a denial of service or execute arbitrary code.
