The FBI and US Cybersecurity and Infrastructure Security Agency (CISA) have issued a joint advisory warning organisations about a ransomware-as-a-service operation called “Snatch.”
Learn more about the threat in my article for the Tripwire State of Security blog.
Mickael Karatekin discovered that GNOME Shell incorrectly allowed the
screenshot tool to view open windows when a session was locked. A local
attacker could possibly use this issue to obtain sensitive information.
It was discovered that Python incorrectly handled certain scripts.
An attacker could possibly use this issue to execute arbitrary code
or cause a crash.
Do you know what data your car is collecting about you? Do you think it’s right for a car manufacturer to collect a subscription to keep your bottom warm? And just why has YouPorn sent an email to Graham about his sex video?
All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Host Unknown’s Andrew Agnês.
Plus don’t miss our featured interview with Gigamon’s Mark Jow.
USN-6391-1 fixed a vulnerability in CUPS. This update provides
the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.
Original advisory details:
It was discovered that CUPS incorrectly parsed certain Postscript objects.
If a user or automated system were tricked into printing a specially
crafted document, a remote attacker could use this issue to cause CUPS to
crash, resulting in a denial of service, or possibly execute arbitrary
code.
It was discovered that ImageMagick did not properly handle memory when
processing the -help option. An attacker could potentially use this
issue to cause a crash.
Jake Appelbaum’s PhD thesis contains several new revelations from the classified NSA documents provided to journalists by Edward Snowden. Nothing major, but a few more tidbits.
Kind of amazing that that all happened ten years ago. At this point, those documents are more historical than anything else.
And it’s unclear who has those archives anymore. According to Appelbaum, The Intercept destroyed their copy.
I recently published an essay about my experiences ten years ago.