Multiple vulnerabilities have been discovered in Wireshark, a network
protocol analyzer, which could result in denial of service or the
execution of arbitrary code.
Monthly Archives: June 2023
DSA-5427 webkit2gtk – security update
The following vulnerabilities have been discovered in the WebKitGTK
web engine:
Smashing Security podcast #326: Right Royal security threats and MOVEit mayhem
There are shocking revelations about a US Government data suck-up, historic security breaches at Windsor Castle, and the MOVEit hack causes consternation.
All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by The Cyberwire’s Dave Bittner.
Attackers set up rogue GitHub repos with malware posing as zero-day exploits
In an unusual attack campaign, a hacker has been setting up rogue GitHub repositories that claim to host zero-day exploits for popular applications but which instead deliver malware. The attacker also created fake GitHub and Twitter accounts posing as security researchers and even used real photos of researchers from well-known cybersecurity firms.
“The attacker has made a lot of effort to create all these fake personas, only to deliver very obvious malware,” researchers from security firm VulnCheck, who found the rogue repositories, said in a report. “It’s unclear if they have been successful but given that they’ve continued to pursue this avenue of attacks, it seems they believe they will be successful.”
xstream-1.4.20-1.el8
FEDORA-EPEL-2023-3e2af74f4d
Packages in this update:
xstream-1.4.20-1.el8
Update description:
Security fix for CVE-2021-43859, CVE-2022-40151, CVE-2022-41966
CVE-2022-31644
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure.
CVE-2022-31642
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure.
CVE-2022-31641
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure.
CVE-2022-31640
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure.
iniparser-4.1-6.el8
FEDORA-EPEL-2023-f48765fe4c
Packages in this update:
iniparser-4.1-6.el8
Update description:
Security fix for CVE-2023-33461