SafeMoon claims exploited vulnerability was to blame
Yearly Archives: 2023
US sends million-dollar scammer to prison for four years
31-year-old Solomon Ekunke Okpe, of Lagos, was a member of a gang that devised and executed a variety of scams – including business email compromise (BEC), romance scams, working-from-home scams, and more – between December 2011 and January 2017.
Read more in my article on the Hot for Security blog.
Smashing Security podcast #315: Crypto hacker hijinks, government spyware, and Utah social media shocker
A cryptocurrency hack leads us down a mazze of twisty little passages, Joe Biden’s commercial spyware bill, and Utah gets tough on social media sites.
All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by The Register’s Iain Thomson.
thunderbird-102.9.1-1.fc36
FEDORA-2023-0e1ae0d5f6
Packages in this update:
thunderbird-102.9.1-1.fc36
Update description:
Update to 102.9.1 ;
https://www.mozilla.org/en-US/security/advisories/mfsa2023-12/ ;
https://www.thunderbird.net/en-US/thunderbird/102.9.1/releasenotes/
Update to 102.9.0 ;
https://www.mozilla.org/en-US/security/advisories/mfsa2023-11/ ;
https://www.thunderbird.net/en-US/thunderbird/102.9.0/releasenotes/
thunderbird-102.9.1-1.fc37
FEDORA-2023-d093c0cd27
Packages in this update:
thunderbird-102.9.1-1.fc37
Update description:
Update to 102.9.1 ;
https://www.mozilla.org/en-US/security/advisories/mfsa2023-12/ ;
https://www.thunderbird.net/en-US/thunderbird/102.9.1/releasenotes/
thunderbird-102.9.1-1.fc38
FEDORA-2023-a9c17dff60
Packages in this update:
thunderbird-102.9.1-1.fc38
Update description:
Update to 102.9.1 ;
https://www.mozilla.org/en-US/security/advisories/mfsa2023-12/ ;
https://www.thunderbird.net/en-US/thunderbird/102.9.1/releasenotes/
USN-5988-1: Xcftools vulnerabilities
It was discovered that integer overflows vulnerabilities existed in Xcftools.
An attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2019-5086, CVE-2019-5087)
CVE-2022-1274
A flaw was found in Keycloak in the execute-actions-email endpoint. This issue allows arbitrary HTML to be injected into emails sent to Keycloak users and can be misused to perform phishing or other attacks against users.
CVE-2021-41526
A vulnerability has been reported in the windows installer (MSI) built with InstallScript custom action. This vulnerability may allow privilege escalation when invoked ‘repair’ of the MSI which has an InstallScript custom action.
CVE-2019-8963
A Denial of Service (DoS) vulnerability was discovered in FlexNet Publisher’s lmadmin 11.16.5, when doing a crafted POST request on lmadmin using the web-based tool.