Dozens arrested in Spain after months-long operation
Monthly Archives: October 2023
USN-6422-2: Ring vulnerabilities
It was discovered that Ring incorrectly handled certain inputs. If a user or
an automated system were tricked into opening a specially crafted input file,
a remote attacker could possibly use this issue to execute arbitrary code.
(CVE-2021-37706)
It was discovered that Ring incorrectly handled certain inputs. If a user or
an automated system were tricked into opening a specially crafted input file,
a remote attacker could possibly use this issue to cause a denial of service.
(CVE-2023-27585)
Original advisory details:
It was discovered that Ring incorrectly handled certain inputs. If a user or
an automated system were tricked into opening a specially crafted input file,
a remote attacker could possibly use this issue to execute arbitrary code.
(CVE-2021-37706)
It was discovered that Ring incorrectly handled certain inputs. If a user or
an automated system were tricked into opening a specially crafted input file,
a remote attacker could possibly use this issue to cause a denial of service.
This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.
(CVE-2021-43299, CVE-2021-43300, CVE-2021-43301, CVE-2021-43302,
CVE-2021-43303, CVE-2021-43804, CVE-2021-43845, CVE-2022-21723,
CVE-2022-23537, CVE-2022-23547, CVE-2022-23608, CVE-2022-24754,
CVE-2022-24763, CVE-2022-24764, CVE-2022-24793, CVE-2022-31031,
CVE-2022-39244)
It was discovered that Ring incorrectly handled certain inputs. If a user or
an automated system were tricked into opening a specially crafted input file,
a remote attacker could possibly use this issue to cause a denial of service.
This issue only affected Ubuntu 20.04 LTS. (CVE-2022-21722)
It was discovered that Ring incorrectly handled certain inputs. If a user or
an automated system were tricked into opening a specially crafted input file,
a remote attacker could possibly use this issue to cause a denial of service.
(CVE-2023-27585)
Healthcare Ransomware Attacks Cost US $78bn
USN-6448-1: Sofia-SIP vulnerability
Xu Biang discovered that Sofia-SIP did not properly manage memory when
handling STUN packets. An attacker could use this issue to cause
Sofia-SIP to crash, resulting in a denial of service, or possibly execute
arbitrary code.
DSA-5532-1 openssl – security update
Tony Battersby reported that incorrect cipher key and IV length
processing in OpenSSL, a Secure Sockets Layer toolkit, may result in
loss of confidentiality for some symmetric cipher modes.
Additional details can be found in the upstream advisory:
https://www.openssl.org/news/secadv/20231024.txt
DSA-5533-1 gst-plugins-bad1.0 – security update
Multiple vulnerabilities were discovered in plugins for the GStreamer
media framework and its codecs and demuxers, which may result in denial
of service or potentially the execution of arbitrary code if a malformed
media file is opened.
DSA-5532 openssl – security update
Tony Battersby reported that incorrect cipher key and IV length
processing in OpenSSL, a Secure Sockets Layer toolkit, may result in
loss of confidentiality for some symmetric cipher modes.
DSA-5533 gst-plugins-bad1.0 – security update
Multiple vulnerabilities were discovered in plugins for the GStreamer
media framework and its codecs and demuxers, which may result in denial
of service or potentially the execution of arbitrary code if a malformed
media file is opened.
CVE-2022-22466
IBM Security Verify Governance 10.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 225222.
Cybersecurity as a Service: A new, flexible model for security program development and operation
Cybersecurity services are changing, especially cybersecurity consulting. Vendors are quickly adapting service delivery models as they look to better support digital-first business and security leaders are tasked with driving business innovation and growth by going faster, being more agile, and doing more with fewer people. New models like “Cybersecurity as a Service” are emerging, aimed at addressing such challenges.
Watch this brand new video short and learn how it all works from AT&T Cybersecurity consultant, Bindu Sundaresan. Dave Gruber of Enterprise Strategy Group (ESG) interviews Bindu in this video to break it down: