The US government will investigate whether protected healthcare information was breached in the Change Healthcare ransomware attack, and if the firm complied with HIPAA rules
Daily Archives: March 14, 2024
amavis-2.13.1-1.el8
FEDORA-EPEL-2024-d521530f6a
Packages in this update: amavis-2.13.1-1.el8
Update description: Update to version 2.13.1; fix CVE-2024-28054
amavis-2.13.1-1.el9
FEDORA-EPEL-2024-2fb51140b6
Packages in this update: amavis-2.13.1-1.el9
Update description: Update to version 2.13.1; fix CVE-2024-28054
amavis-2.13.1-1.fc38
FEDORA-2024-1d87055861
Packages in this update: amavis-2.13.1-1.fc38
Update description: Update to version 2.13.1; fix CVE-2024-28054
amavis-2.13.1-1.fc39
FEDORA-2024-3cf9eb64ba
Packages in this update: amavis-2.13.1-1.fc39
Update description: Update to version 2.13.1; fix CVE-2024-28054
amavis-2.13.1-1.fc40
FEDORA-2024-8bbcae6af2
Packages in this update: amavis-2.13.1-1.fc40
Update description: Update to version 2.13.1; fix CVE-2024-28054
LockBit affiliate jailed for almost four years after guilty plea
An affiliate of the LockBit ransomware gang has been sentenced to almost four years in jail after earlier pleading guilty to cyber extortion and weapons charges.
Read more in my article on the Tripwire State of Security blog.
USN-6695-1: TeX Live vulnerabilities
It was discovered that TeX Live incorrectly handled certain memory operations in the embedded axodraw2 tool. An attacker could possibly use this issue to cause TeX Live to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS. (CVE-2019-18604)
It was discovered that TeX Live allowed documents to make arbitrary network requests. If a user or automated system were tricked into opening a specially crafted document, a remote attacker could possibly use this issue to exfiltrate sensitive information, or perform other network-related attacks. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2023-32668)
It was discovered that TeX Live incorrectly handled certain TrueType fonts. If a user or automated system were tricked into opening a specially crafted TrueType font, a remote attacker could use this issue to cause TeX Live to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2024-25262)
Google Paid $10m in Bug Bounties to Security Researchers in 2023
Google revealed it paid $10m in bug bounty payments to more than 600 researchers in 2023, with the highest single payment being £113,337
Automakers Are Sharing Driver Data with Insurers without Consent
Kashmir Hill has the story:
Modern cars are internet-enabled, allowing access to services like navigation, roadside assistance and car apps that drivers can connect to their vehicles to locate them or unlock them remotely. In recent years, automakers, including G.M., Honda, Kia and Hyundai, have started offering optional features in their connected-car apps that rate people’s driving. Some drivers may not realize that, if they turn on these features, the car companies then give information about how they drive to data brokers like LexisNexis [who then sell it to insurance companies].
Automakers and data brokers that have partnered to collect detailed driving data from millions of Americans say they have drivers’ permission to do so. But the existence of these partnerships is nearly invisible to drivers, whose consent is obtained in fine print and murky privacy policies that few read.