Read Time:5 Second
It assesses information hackers could get from a victim program protected by an obfuscation scheme
Monthly Archives: June 2023
webkitgtk-2.40.3-1.fc37
Read Time:17 Second
FEDORA-2023-be1ed6a2b4
Packages in this update:
webkitgtk-2.40.3-1.fc37
Update description:
Update to 2.40.3:
Make memory pressure monitor honor memory.memsw.usage_in_bytes if exists.
Include key modifiers in wheel events.
Apply cookie blocking policy to WebSocket handshakes.
Fix several crashes and rendering issues.
Security fixes: CVE-2023-32439
Charming Kitten’s PowerStar Malware Evolves with Advanced Techniques
Read Time:4 Second
Volexity said the updated malware uses IPFS, public cloud hosting for decryption and configuration
CVE-2015-1313
Read Time:14 Second
JetBrains TeamCity 8 and 9 before 9.0.2 allows bypass of account-creation restrictions via a crafted request because the required request data can be deduced by reading HTML and JavaScript files that are returned to the web browser after an initial unauthenticated request.
USN-6193-1: Linux kernel vulnerabilities
Read Time:25 Second
Hangyu Hua discovered that the Flower classifier implementation in the
Linux kernel contained an out-of-bounds write vulnerability. An attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2023-35788, LP: #2023577)
It was discovered that for some Intel processors the INVLPG instruction
implementation did not properly flush global TLB entries when PCIDs are
enabled. An attacker could use this to expose sensitive information
(kernel memory) or possibly cause undesired behaviors. (LP: #2023220)
Redacting Documents with a Black Sharpie Doesn’t Work
Read Time:28 Second
We have learned this lesson again:
As part of the FTC v. Microsoft hearing, Sony supplied a document from PlayStation chief Jim Ryan that includes redacted details on the margins Sony shares with publishers, its Call of Duty revenues, and even the cost of developing some of its games.
It looks like someone redacted the documents with a black Sharpie but when you scan them in, it’s easy to see some of the redactions. Oops.
I don’t particularly care about the redacted information, but it’s there in the article.
LockBit Dominates Ransomware World, New Report Finds
Read Time:4 Second
LockBit becomes one of the first major ransomware operations to specifically target macOS
Over 1500 gas stations disrupted in Canada, after energy giant hacked
Read Time:13 Second
Suncor, one of the largest energy companies in North America, has suffered a cyber attack that left Canadian motorists unable to make gas station purchases with payment cards, and even disabled car washes.
Read more in my article on the Hot for Security blog.
USN-6192-1: Linux kernel vulnerabilities
Read Time:38 Second
Hangyu Hua discovered that the Flower classifier implementation in the
Linux kernel contained an out-of-bounds write vulnerability. An attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2023-35788, LP: #2023577)
Xingyuan Mo and Gengjia Chen discovered that the io_uring subsystem in the
Linux kernel did not properly handle locking when IOPOLL mode is being
used. A local attacker could use this to cause a denial of service (system
crash). (CVE-2023-2430)
It was discovered that for some Intel processors the INVLPG instruction
implementation did not properly flush global TLB entries when PCIDs are
enabled. An attacker could use this to expose sensitive information
(kernel memory) or possibly cause undesired behaviors. (LP: #2023220)