Kaspersky said that in 2023, the number of mobile attacks soared to nearly 33.8 million
Monthly Archives: February 2024
The LockBit ransomware gang rears its ugly head again, after law enforcement takedown
Surprise! The LockBit ransomware group has re-emerged, just days after a high-profile law enforcement operation seized control of its infrastructure and disrupted its operations.
Read more in my article on the Hot for Security blog.
USN-6658-1: libxml2 vulnerability
It was discovered that libxml2 incorrectly handled certain XML documents. A
remote attacker could possibly use this issue to cause libxml2 to crash,
resulting in a denial of service, or possibly execute arbitrary code.
USN-6657-1: Dnsmasq vulnerabilities
Elias Heftrig, Haya Schulmann, Niklas Vogel, and Michael Waidner discovered
that Dnsmasq incorrectly handled validating DNSSEC messages. A remote
attacker could possibly use this issue to cause Dnsmasq to consume
resources, leading to a denial of service. (CVE-2023-50387)
It was discovered that Dnsmasq incorrectly handled preparing an NSEC3
closest encloser proof. A remote attacker could possibly use this issue to
cause Dnsmasq to consume resources, leading to a denial of service.
(CVE-2023-50868)
It was discovered that Dnsmasq incorrectly set the maximum EDNS0 UDP
packet size, which DNS Flag Day 2020 recommends capping at 1232 bytes by
default. This issue only affected Ubuntu 23.10. (CVE-2023-28450)
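The DNS Flag Day 2020 point above is straightforward to check against a running resolver: the EDNS0 OPT pseudo-RR carries the sender's maximum UDP payload size in its CLASS field, so the raw bytes of a reply (or of a query Dnsmasq forwards upstream) show what it actually advertises. The following Python is an added example, not Ubuntu's or the Dnsmasq project's code. It parses the OPT RR out of a DNS message and compares the advertised size with the 1232-byte Flag Day default; the sample message is constructed inline rather than captured from a real server.

```python
import struct

OPT_TYPE = 41                 # EDNS0 OPT pseudo-RR type (RFC 6891)
FLAG_DAY_2020_BUFSIZE = 1232  # default UDP payload size recommended by DNS Flag Day 2020


def skip_name(msg: bytes, off: int) -> int:
    """Return the offset just past the domain name starting at `off`.
    Handles plain label sequences and RFC 1035 compression pointers."""
    while True:
        length = msg[off]
        if length == 0:             # root label terminates the name
            return off + 1
        if length & 0xC0 == 0xC0:   # 2-byte compression pointer terminates the name
            return off + 2
        off += 1 + length


def skip_rr(msg: bytes, off: int) -> int:
    """Return the offset just past the resource record starting at `off`."""
    off = skip_name(msg, off)
    # Fixed part after the name: TYPE(2) CLASS(2) TTL(4) RDLENGTH(2)
    (rdlength,) = struct.unpack_from("!H", msg, off + 8)
    return off + 10 + rdlength


def advertised_udp_size(msg: bytes):
    """Return the UDP payload size carried in the CLASS field of the OPT RR
    found in the additional section, or None if the message has no OPT RR."""
    _id, _flags, qdcount, ancount, nscount, arcount = struct.unpack_from("!6H", msg, 0)
    off = 12
    for _ in range(qdcount):
        off = skip_name(msg, off) + 4          # QTYPE + QCLASS
    for _ in range(ancount + nscount):
        off = skip_rr(msg, off)
    for _ in range(arcount):
        after_name = skip_name(msg, off)
        rtype, rclass = struct.unpack_from("!HH", msg, after_name)
        if rtype == OPT_TYPE:
            return rclass                      # for OPT, CLASS holds the UDP payload size
        off = skip_rr(msg, off)
    return None


def flag_day_compliant(msg: bytes) -> bool:
    """True when the sender advertises an EDNS0 buffer of at most 1232 bytes."""
    size = advertised_udp_size(msg)
    return size is not None and size <= FLAG_DAY_2020_BUFSIZE


def build_response(udp_size: int, with_opt: bool = True) -> bytes:
    """Constructed sample (not a real capture): a response to 'example.com A'
    with one answer and, optionally, an OPT RR advertising `udp_size`."""
    arcount = 1 if with_opt else 0
    header = struct.pack("!6H", 0x1234, 0x8180, 1, 1, 0, arcount)   # QR|RD|RA, NOERROR
    question = b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1)  # A, IN
    answer = (b"\xC0\x0C"                                             # pointer to question name
              + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1]))
    opt = b"\x00" + struct.pack("!HHIH", OPT_TYPE, udp_size, 0, 0) if with_opt else b""
    return header + question + answer + opt


if __name__ == "__main__":
    for size in (4096, 1232):
        print(f"advertised {size}: flag-day compliant = {flag_day_compliant(build_response(size))}")
```

To check a live forwarder, send a query that includes an OPT record to it over UDP port 53 and hand the raw reply to `advertised_udp_size()`, or run `dig @<resolver> example.com +edns=0` and read the `udp:` value printed in the OPT pseudosection. Dnsmasq also exposes the setting directly via `--edns-packet-max`; on a release that predates this update, verify the effective value rather than assuming it is 1232.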
freeipa-4.10.3-2.fc38
FEDORA-2024-bbfef02415
Packages in this update:
freeipa-4.10.3-2.fc38
Update description:
Security release: CVE-2024-1481
Resolves: rhbz#2265129
freeipa-4.11.1-2.fc39
FEDORA-2024-826453ad39
Packages in this update:
freeipa-4.11.1-2.fc39
Update description:
Security release: CVE-2024-1481
Resolves: rhbz#2265129
USN-6656-1: PostgreSQL vulnerability
It was discovered that PostgreSQL incorrectly handled dropping privileges
when handling REFRESH MATERIALIZED VIEW CONCURRENTLY commands. If a user or
automatic system were tricked into running a specially crafted command, a
remote attacker could possibly use this issue to execute arbitrary SQL
functions.
edk2-20240214-2.fc39
FEDORA-2024-a9dead34c5
Packages in this update:
edk2-20240214-2.fc39
Update description:
update to edk2-stable202402
Apple Announces Post-Quantum Encryption Algorithms for iMessage
Apple announced PQ3, its post-quantum encryption standard based on the Kyber secure key-encapsulation protocol, one of the post-quantum algorithms selected by NIST in 2022.
There’s a lot of detail in the Apple blog post, and more in Douglas Stebila’s security analysis.
I am of two minds about this. On the one hand, it’s probably premature to switch to any particular post-quantum algorithms. The mathematics of cryptanalysis for these lattice and other systems is still rapidly evolving, and we’re likely to break more of them—and learn a lot in the process—over the coming few years. But if you’re going to make the switch, this is an excellent choice. And Apple’s ability to do this so efficiently speaks well about its algorithmic agility, which is probably more important than its particular cryptographic design. And it is probably about the right time to worry about, and defend against, attackers who are storing encrypted messages in hopes of breaking them later on future quantum computers.
Avast Faces $16.5m Fine for Unlawfully Selling User Browsing Data
The FTC order found that Avast sold browsing data to advertisers that could reveal highly sensitive insights about users, misleading them about privacy protections in the process