Read Time:5 Second
ESET said the campaign mainly targeted SMEs and governmental entities in Poland, Ecuador and Italy
Daily Archives: August 17, 2023
USN-6294-2: HAProxy vulnerability
Read Time:15 Second
USN-6294-1 fixed vulnerabilities in HAProxy. This update provides the
corresponding updates for Ubuntu 20.04 LTS.
Original advisory details:
Ben Kallus discovered that HAProxy incorrectly handled empty Content-Length
headers. A remote attacker could possibly use this issue to manipulate the
payload and bypass certain restrictions.
USN-6298-1: ZZIPlib vulnerabilities
Read Time:25 Second
Liu Zhu discovered that ZZIPlib incorrectly handled certain inputs. If a
user or an automated system were tricked into opening a specially crafted
input file, a remote attacker could possibly use this issue to cause a
denial of service. (CVE-2018-7727)
YiMing Liu discovered that ZZIPlib incorrectly handled certain inputs. If a
user or an automated system were tricked into opening a specially crafted
input file, a remote attacker could possibly use this issue to cause a
denial of service. (CVE-2020-18442)
USN-6297-1: Ghostscript vulnerability
Read Time:9 Second
It was discovered that Ghostscript incorrectly handled outputting certain
PDF files. A local attacker could potentially use this issue to cause
a crash, resulting in a denial of service.
llhttp-8.1.1-1.el9 python-aiohttp-3.8.5-1.el9
Read Time:16 Second
FEDORA-EPEL-2023-e2fcc4af81
Packages in this update:
llhttp-8.1.1-1.el9
python-aiohttp-3.8.5-1.el9
Update description:
Update llhttp to 8.1.1 (including a SONAME version bump and ABI break, https://pagure.io/epel/issue/241) and python-aiohttp to 3.8.5. Fixes CVE-2023-30589.
Ransomware Surges With 1500 Confirmed Victims This Year
Read Time:6 Second
A Rapid7 report finds there have been at least 1500 ransomware victims in the first half of 2023
FBI warns cryptocurrency app beta-testers of malware menace
Read Time:13 Second
Are you the kind of person who runs the beta-test versions of mobile apps before they are officially released? If so, the FBI is warning you to be on your guard.
Read more in my article on the Hot for Security blog.
Smashing Security podcast #335: AI chat wars, and hacker passwords exposed
Read Time:16 Second
AI chatbots are under fire in Las Vegas, the secrets of hackers’ passwords are put under the microscope, and Graham reveals (possibly) the greatest TV programme of all time.
All this and more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault.
USN-6296-1: PostgreSQL vulnerabilities
Read Time:21 Second
It was discovered that PostgreSQL incorrectly handled certain extension
script substitutions. An attacker having database-level CREATE privileges
can use this issue to execute arbitrary code as the bootstrap superuser.
(CVE-2023-39417)
It was discovered that PostgreSQL incorrectly handled the MERGE command. A
remote attacker could possibly use this issue to bypass certain UPDATE and
SELECT policies. This issue only affected Ubuntu 23.04. (CVE-2023-39418)
Detecting “Violations of Social Norms” in Text with AI
Read Time:15 Second
Researchers are trying to use AI to detect “social norms violations.” Feels a little sketchy right now, but this is the sort of thing that AIs will get better at. (Like all of these systems, anything but a very low false positive rate makes the detection useless in practice.)
News article.