A British IT worker who exploited a ransomware attack against the company he worked for, in an attempt to extort money from them for himself, has been sentenced to jail for three years and seven months.
R-jsonlite-1.8.5-2.fc38
Security fix for CVE-2023-33460a
Unit 42 researchers believe a Russian threat group repurposed a legitimate flyer for a BMW car sent to embassies in Kyiv, Ukraine
Bugcrowd’s report finds that many ethical hackers are utilizing generative AI in their work, but 72% argue it will never replace human creativity
No surprise, but Google just changed its privacy policy to reflect broader uses of all the surveillance data it has captured over the years:
Research and development: Google uses information to improve our services and to develop new products, features and technologies that benefit our users and the public. For example, we use publicly available information to help train Google’s AI models and build products and features like Google Translate, Bard, and Cloud AI capabilities.
(I quote the privacy policy as of today. The Mastodon link quotes the privacy policy from ten days ago. So things are changing fast.)
It was discovered that Ruby incorrectly handled certain regular expressions.
An attacker could possibly use this issue to cause a denial of service.
This issue only affected Ubuntu 20.10 and Ubuntu 20.04 LTS.
(CVE-2023-28755)
It was discovered that Ruby incorrectly handled certain regular expressions.
An attacker could possibly use this issue to cause a denial of service.
This issue exists because of an incomplete fix for CVE-2023-28755.
(CVE-2023-36617)
Hangyu Hua discovered that the Flower classifier implementation in the
Linux kernel contained an out-of-bounds write vulnerability. An attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2023-35788, LP: #2023577)
It was discovered that for some Intel processors the INVLPG instruction
implementation did not properly flush global TLB entries when PCIDs are
enabled. An attacker could use this to expose sensitive information
(kernel memory) or possibly cause undesired behaviors. (LP: #2023220)
Banks and financial service providers have emerged as attractive targets for the most prominent ransomware groups
An issue discovered in MikroTik Router v6.46.3 and earlier allows attacker to cause denial of service via misconfiguration in the SSH daemon.
