Two Maryland residents have been convicted of a multimillion-dollar fraud scheme against Apple
Daily Archives: February 22, 2024
Ransomware Warning as CVSS 10.0 ScreenConnect Bug is Exploited
Researchers warn of a “ransomware free-for-all” after ScreenConnect vulnerability is exploited
Businesses Increase Cybersecurity as Budgets Surge in 2024
Over two-thirds of IT decision-makers increase cybersecurity budgets in 2024, prioritizing cloud security and incident response as cyber threats escalate
firefox-123.0-1.fc39
FEDORA-2024-bc8ea2c2cb
Packages in this update:
firefox-123.0-1.fc39
Update description:
New upstream release (123.0)
USN-6649-1: Firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2024-1547,
CVE-2024-1548, CVE-2024-1549, CVE-2024-1550, CVE-2024-1553, CVE-2024-1554,
CVE-2024-1555, CVE-2024-1557)
Alfred Peters discovered that Firefox did not properly manage memory when
storing and re-accessing data on a networking channel. An attacker could
potentially exploit this issue to cause a denial of service.
(CVE-2024-1546)
Johan Carlsson discovered that Firefox incorrectly handled Set-Cookie
response headers in multipart HTTP responses. An attacker could
potentially exploit this issue to inject arbitrary cookie values.
(CVE-2024-1551)
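To make the CVE-2024-1551 entry concrete, the following added example (written for this page, not Mozilla's code) parses a constructed `multipart/x-mixed-replace` response and shows which `Set-Cookie` values a user agent should honour. Only the outer header block is the server's header section; a `Set-Cookie` line inside a body part is attacker-controllable content once an attacker can influence the `Content-Type` header and part of the body. The `honour_part_headers` flag is an assumption of this example used to contrast the flawed behaviour the advisory describes with the correct one; the response bytes and cookie names are constructed.

```python
from __future__ import annotations

import re
from typing import Optional

# Constructed sample response: the outer header block carries the server's
# real Set-Cookie; the first body part smuggles a second Set-Cookie line.
SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: multipart/x-mixed-replace; boundary=sep\r\n"
    b"Set-Cookie: session=legit; Secure; HttpOnly\r\n"
    b"\r\n"
    b"--sep\r\n"
    b"Content-Type: text/html\r\n"
    b"Set-Cookie: session=attacker-chosen\r\n"
    b"\r\n"
    b"<p>first part</p>\r\n"
    b"--sep\r\n"
    b"Content-Type: text/html\r\n"
    b"\r\n"
    b"<p>second part</p>\r\n"
    b"--sep--\r\n"
)


def parse_header_block(block: bytes) -> list[tuple[str, str]]:
    """Turn CRLF-separated 'Name: value' lines into lower-cased (name, value) pairs."""
    headers = []
    for line in block.split(b"\r\n"):
        if not line or b":" not in line:
            continue  # skip blank lines and anything that is not a header
        name, _, value = line.decode("latin-1").partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return headers


def split_response(raw: bytes) -> tuple[list[tuple[str, str]], bytes]:
    """Separate the outer header block (minus the status line) from the body."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("response has no end-of-headers marker")
    pieces = head.split(b"\r\n", 1)  # drop the status line
    header_block = pieces[1] if len(pieces) > 1 else b""
    return parse_header_block(header_block), body


def multipart_boundary(headers: list[tuple[str, str]]) -> Optional[bytes]:
    """Return the boundary token if the outer Content-Type is multipart/*."""
    for name, value in headers:
        if name == "content-type" and value.lower().startswith("multipart/"):
            match = re.search(r'boundary="?([^";]+)"?', value)
            if match:
                return match.group(1).encode("latin-1")
    return None


def split_parts(body: bytes, boundary: bytes) -> list[bytes]:
    """Split a multipart body into its parts, stopping at the closing delimiter."""
    delimiter = b"--" + boundary
    parts = []
    for chunk in body.split(delimiter)[1:]:  # [0] is the preamble
        if chunk.startswith(b"--"):
            break  # '--boundary--' closes the body
        parts.append(chunk.removeprefix(b"\r\n"))
    return parts


def collect_set_cookies(raw: bytes, honour_part_headers: bool = False) -> dict[str, list[str]]:
    """Report which Set-Cookie values would be applied and which rejected.

    honour_part_headers=False models a correct user agent: Set-Cookie lines
    inside multipart parts are body content and are never applied.
    honour_part_headers=True models the flawed behaviour in the advisory,
    where part-level Set-Cookie lines were treated as real response headers
    (this flag is an assumption of the example, not a browser setting).
    """
    outer_headers, body = split_response(raw)
    honoured = [v for n, v in outer_headers if n == "set-cookie"]
    rejected: list[str] = []
    boundary = multipart_boundary(outer_headers)
    if boundary is not None:
        for part in split_parts(body, boundary):
            part_head, _, _ = part.partition(b"\r\n\r\n")
            for n, v in parse_header_block(part_head):
                if n == "set-cookie":
                    (honoured if honour_part_headers else rejected).append(v)
    return {"honoured": honoured, "rejected": rejected}


if __name__ == "__main__":
    print("fixed  :", collect_set_cookies(SAMPLE_RESPONSE))
    print("flawed :", collect_set_cookies(SAMPLE_RESPONSE, honour_part_headers=True))
```

Run stand-alone, the fixed mode keeps only `session=legit; Secure; HttpOnly` and lists `session=attacker-chosen` as rejected; the flawed mode applies both, which is the cookie-injection outcome the advisory warns about.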
Gary Kwong discovered that Firefox incorrectly generated code on 32-bit
ARM devices, which could lead to unexpected numeric conversions or
undefined behaviour. An attacker could possibly use this issue to cause a
denial of service. (CVE-2024-1552)
Ronald Crane discovered that Firefox did not properly manage memory when
accessing the built-in profiler. An attacker could potentially exploit
this issue to cause a denial of service. (CVE-2024-1556)
USN-6648-1: Linux kernel vulnerabilities
It was discovered that a race condition existed in the AppleTalk networking
subsystem of the Linux kernel, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2023-51781)
Zhenghan Wang discovered that the generic ID allocator implementation in
the Linux kernel did not properly check for null bitmap when releasing IDs.
A local attacker could use this to cause a denial of service (system
crash). (CVE-2023-6915)
Robert Morris discovered that the CIFS network file system implementation
in the Linux kernel did not properly validate certain fields in server
commands, leading to an out-of-bounds read vulnerability. An attacker could
use this to cause a denial of service (system crash) or possibly expose
sensitive information. (CVE-2024-0565)
Jann Horn discovered that the TLS subsystem in the Linux kernel did not
properly handle spliced messages, leading to an out-of-bounds write
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2024-0646)
Smashing Security podcast #360: Lockbit locked out, and funeral Facebook scams
Heaven’s above! Scammers are exploiting online funerals, and Lockbit – the “Walmart of Ransomware” – is dismantled in style by cyber cops.
All this and more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault.
DSA-5628-1 imagemagick – security update
This update fixes multiple vulnerabilities in ImageMagick: various memory
handling problems and cases of missing or incomplete input sanitising
may result in denial of service, memory disclosure or potentially the
execution of arbitrary code if malformed image files are processed.