The FBI and US Cybersecurity and Infrastructure Security Agency (CISA) have issued a joint advisory warning organisations about a ransomware-as-a-service operation called “Snatch.”
Learn more about the threat in my article for the Tripwire State of Security blog.
The agreement, which represents an extension to the EU-US Data Privacy Framework, will enable the free flow of personal data between the UK and US
Mickael Karatekin discovered that GNOME Shell incorrectly allowed the
screenshot tool to view open windows when a session was locked. A local
attacker could possibly use this issue to obtain sensitive information.
It was discovered that Python incorrectly handled certain scripts.
An attacker could possibly use this issue to execute arbitrary code
or cause a crash.
Donald Trump Jr may not have just inherited his famous father’s name. He may also have inherited his bad password security.
Do you know what data your car is collecting about you? Do you think it’s right for a car manufacturer to collect a subscription to keep your bottom warm? And just why has YouPorn sent an email to Graham about his sex video?
All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Host Unknown’s Andrew Agnês.
Plus don’t miss our featured interview with Gigamon’s Mark Jow.
The Trend Micro report observed that small organizations are being increasingly targeted by ransomware gangs, including LockBit and BlackCat
USN-6391-1 fixed a vulnerability in CUPS. This update provides
the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.
Original advisory details:
It was discovered that CUPS incorrectly parsed certain Postscript objects.
If a user or automated system were tricked into printing a specially
crafted document, a remote attacker could use this issue to cause CUPS to
crash, resulting in a denial of service, or possibly execute arbitrary
code.
It was discovered that ImageMagick did not properly handle memory when
processing the -help option. An attacker could potentially use this
issue to cause a crash.
Jake Appelbaum’s PhD thesis contains several new revelations from the classified NSA documents provided to journalists by Edward Snowden. Nothing major, but a few more tidbits.
Kind of amazing that that all happened ten years ago. At this point, those documents are more historical than anything else.
And it’s unclear who has those archives anymore. According to Appelbaum, The Intercept destroyed their copy.
I recently published an essay about my experiences ten years ago.
