News

Smashing Security podcast #326: Right Royal security threats and MOVEit mayhem

June 14, 2023

Read Time:17 Second

There are shocking revelations about a US Government data suck-up, historic security breaches at Windsor Castle, and the MOVEit hack causes consternation.

All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by The Cyberwire’s Dave Bittner.

News

Attackers set up rogue GitHub repos with malware posing as zero-day exploits

June 14, 2023

Read Time:38 Second

In an unusual attack campaign, a hacker has been setting up rogue GitHub repositories that claim to host zero-day exploits for popular applications but which instead deliver malware. The attacker also created fake GitHub and Twitter accounts posing as security researchers and even used real photos of researchers from well-known cybersecurity firms.

“The attacker has made a lot of effort to create all these fake personas, only to deliver very obvious malware,” researchers from security firm VulnCheck, who found the rogue repositories, said in a report. “It’s unclear if they have been successful but given that they’ve continued to pursue this avenue of attacks, it seems they believe they will be successful.”

To read this article in full, please click here

Advisories

xstream-1.4.20-1.el8

June 14, 2023

Read Time:9 Second

FEDORA-EPEL-2023-3e2af74f4d

Packages in this update:

xstream-1.4.20-1.el8

Update description:

Security fix for CVE-2021-43859, CVE-2022-40151, CVE-2022-41966

Advisories

CVE-2022-31644

June 14, 2023

Read Time:9 Second

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure.