U.S. election offices can’t always afford to buy what they need for effective cybersecurity. Here’s how CIS can help.
Monthly Archives: October 2023
USN-6426-1: WebKitGTK vulnerabilities
Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
USN-6425-1: Samba vulnerabilities
Sri Nagasubramanian discovered that the Samba acl_xattr VFS module incorrectly handled read-only files. When Samba is configured to ignore system ACLs, a remote attacker could possibly use this issue to truncate read-only files. (CVE-2023-4091)
Andrew Bartlett discovered that Samba incorrectly handled the DirSync control. A remote attacker with an RODC DC account could possibly use this issue to obtain all domain secrets. (CVE-2023-4154)
Andrew Bartlett discovered that Samba incorrectly handled the rpcecho development server. A remote attacker could possibly use this issue to cause Samba to stop responding, resulting in a denial of service. (CVE-2023-42669)
Kirin van der Veer discovered that Samba incorrectly handled certain RPC service listeners. A remote attacker could possibly use this issue to cause Samba to start multiple incompatible RPC listeners, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS and Ubuntu 23.04. (CVE-2023-42670)
#CyberMonth: Google Makes Passkeys Default Sign-In Option
The tech giant said the move is designed to help efforts to make passwords obsolete
Hacktivists send fake nuclear attack warning via Israeli Red Alert app
Hackers have exploited a flaw in a widely-used app that warns of missile attacks against Israel to send a fake alert that a nuclear strike is imminent.
Read more in my article on the Hot for Security blog.
USN-6407-2: libx11 vulnerabilities
USN-6407-1 fixed several vulnerabilities in libx11. This update provides the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.
Original advisory details:
Gregory James Duck discovered that libx11 incorrectly handled certain keyboard symbols. If a user were tricked into connecting to a malicious X server, a remote attacker could use this issue to cause libx11 to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2023-43785)
Yair Mizrahi discovered that libx11 incorrectly handled certain malformed XPM image files. If a user were tricked into opening a specially crafted XPM image file, a remote attacker could possibly use this issue to consume memory, leading to a denial of service. (CVE-2023-43786)
Yair Mizrahi discovered that libx11 incorrectly handled certain malformed XPM image files. If a user were tricked into opening a specially crafted XPM image file, a remote attacker could use this issue to cause libx11 to crash, leading to a denial of service, or possibly execute arbitrary code. (CVE-2023-43787)
CIS Benchmarks October 2023 Update
Here is an overview of the CIS Benchmarks that the Center for Internet Security updated or released for October 2023.
mbedtls-2.28.5-1.el9
FEDORA-EPEL-2023-61870984c8
Packages in this update:
mbedtls-2.28.5-1.el9
Update description:
Update to 2.28.5
CVE-2023-43615
Release notes: https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-2.28.5
Security Advisory: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2023-10-1/
mbedtls-2.28.5-1.el8
FEDORA-EPEL-2023-18e8d4f55b
Packages in this update:
mbedtls-2.28.5-1.el8
Update description:
Update to 2.28.5
CVE-2023-43615
Release notes: https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-2.28.5
Security Advisory: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2023-10-1/
mbedtls-2.28.5-1.fc39
FEDORA-2023-0352951853
Packages in this update:
mbedtls-2.28.5-1.fc39
Update description:
Update to 2.28.5
CVE-2023-43615
Release notes: https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-2.28.5
Security Advisory: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2023-10-1/