Uh-oh, yet another UK police force has suffered a serious data breach.
After the incidents involving Cumbria Police, Norfolk and Suffolk Police, and – perhaps worst of all – the PSNI in Northern Ireland, it’s now Greater Manchester Police finding itself in the hot seat.
Graham Cluley Security News is sponsored this week by the folks at PlexTrac. Thanks to the great team there for their support! Getting high-quality, actionable pentesting reports doesn’t have to take hours. In fact, automating your processes with PlexTrac enables building a report in as little as five minutes! Conquer time-consuming processes, reduce potential for … Continue reading “Automation is key to effective and efficient pentest reporting”
It was discovered that ModSecurity incorrectly handled certain nested JSON
objects. An attacker could possibly use this issue to cause a denial
of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS
and Ubuntu 20.04 LTS. (CVE-2021-42717)
It was discovered that ModSecurity incorrectly handled certain HTTP
multipart requests. A remote attacker could possibly use this issue
to bypass ModSecurity restrictions. (CVE-2022-48279)
It was discovered that ModSecurity incorrectly handled certain file
uploads. A remote attacker could possibly use this issue to cause a
buffer overflow and a firewall failure. This issue only affected
Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.
(CVE-2023-24021)
It was discovered that libwebp incorrectly handled certain malformed
images. If a user or automated system were tricked into opening a
specially crafted image file, a remote attacker could use this issue to
cause libwebp to crash, resulting in a denial of service, or possibly
execute arbitrary code.
A new court filing from the US Department of Justice suggests the billionaire “may have jeopardized data privacy and security” at Twitter, now known as X