FEDORA-2024-8fd3285bd9
Packages in this update:
dotnet7.0-7.0.117-1.fc38
Update description:
This is the March 2024 update for .NET 7.
Release Notes: https://github.com/dotnet/core/blob/main/release-notes/7.0/7.0.17/7.0.17.md
dotnet7.0-7.0.117-1.fc38
This is the March 2024 update for .NET 7.
Release Notes: https://github.com/dotnet/core/blob/main/release-notes/7.0/7.0.17/7.0.17.md
dotnet7.0-7.0.117-1.fc39
This is the March 2024 update for .NET 7.
Release Notes: https://github.com/dotnet/core/blob/main/release-notes/7.0/7.0.17/7.0.17.md
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.
The intricate world of cybercrime continues to evolve, and with it emerges a disturbing trend known as “digital arrests.” In this scam, fraudsters manipulate technology to instil fear, isolate victims, and ultimately extort them for financial gain. Reports indicate that digital arrests are on the rise globally, leading to devastating consequences for individuals and businesses alike.
Digital arrests refer to a type of a sophisticated cyber fraud where cyber-criminals impersonate law enforcement officials or other authorities. The targets of these scams are often contacted out of the blue usually on Instant messaging apps like WhatsApp and informed that their bank accounts, digital identities, or other online assets have been compromised. Criminals play into the victims’ fear by threatening them with imminent arrest, legal consequences, or public humiliation if they don’t cooperate with a series of urgent demands.
Fraudsters behind digital arrests are masters of psychological manipulation. They understand that fear and urgency are powerful motivators that can cloud judgment and lead people to act against their best interests. By creating a fabricated sense of crisis, they pressure victims into making hasty decisions without the chance for rational thought or verification.
The techniques used in digital arrests are diverse and constantly evolving. Here’s how they typically unfold:
Impersonation: Criminals pose as law enforcement, bank representatives, or other authoritative figures, using forged documents and spoofed phone numbers to create a convincing facade of legitimacy.
False Accusations: Victims are accused of involvement in illegal activities, money laundering, identity theft, or other serious crimes.
Demands and Threats: Scammers demand sensitive information like banking credentials, passwords, and personal identification details. They instil fear with threats of arrest, hefty fines, or the release of compromising information.
Technological Trickery: Fraudsters often trick victims into downloading remote access software like TeamViewer or AnyDesk, inadvertently giving criminals extensive control over their devices.
Monitored ‘Interrogation’: Criminals may insist on video calls to maintain their illusion of authority and monitor victims. They may threaten to fabricate and disseminate compromising evidence to extort large sums of money.
Some real-life incidents as to understand these cybercrimes are given below:
Case I: A Noida woman was duped out of over Rs 11 lakh (approximately $13,500 USD) in a digital arrest scam. The scammers, posing as police officers, convinced her that her identity was used in illicit activities and her involvement carried severe legal ramifications. Through prolonged interrogation on a video call, they led her to transfer the funds under the guise of protection.
Case II: A 23-year-old woman was defrauded of Rs 2.5 lakh (approximately $3,000 USD) after fraudsters convinced her that her Aadhaar card details were linked to human trafficking activities. Facing threats of arrest and social humiliation, she was coerced into transferring money to various accounts.
Digital arrests are a growing threat, fuelled by these factors:
Technological Sophistication: The ease of disguising identities, gaining remote access, and evading detection emboldens criminals.
Global Networks: Cybercrime rings often operate across borders, adding complexity to investigation and prosecution.
Heightened Online Reliance: As more of our lives move online, the potential attack surface for fraudsters expands exponentially.
Remember: Law enforcement rarely initiates contact by phone and never threatens immediate arrest. Hang up and verify through official channels.
Never Share: Don’t give out passwords, PINs, or personal details unless certain of the recipient’s legitimacy.
Secure Your Devices: Strong antivirus, firewalls, and regular updates are essential. Be very cautious about downloads or granting remote access.
Do not panic and contact relevant cybercrime agency in your area.
Additionally, you can access resources and information on cybersecurity from CISA at https://www.cisa.gov/ .
Digital arrests are a stark reminder of the need for constant vigilance in the digital world. By understanding the tactics, staying informed, and taking precautions, we can drastically reduce our vulnerability. Additionally, spreading awareness and collective action are vital in the fight to dismantle the global networks behind these devastating scams.
Hundreds of Indians forced into cybercrime by Cambodian gangs have been rescued
FTC figures reveal a three-fold increase in losses from impersonation scams over the past three years
python-pillow-10.3.0-1.fc39
Update to 10.3.0.
cockpit-311.2-1.fc38
sosreport: Fix command injection with crafted report names [CVE-2024-2947]
What is the vulnerability/attack?
A malicious code was discovered embedded in the XZ Utils which is a data compression software included in major Linux distributions. This vulnerability tracked under CVE-2024-3094 is a result of a supply chain attack on the versions 5.6.0 and 5.6.1 of the related tools and libraries. A security researcher found the malicious code when he experienced an unexpected behavior which led to further investigation and discovery of the vulnerability.
What is the recommended Mitigation?
CISA has advised XZ Utils users to downgrade to an older version of the utility immediately (i.e., any version before 5.6.0) and update their installations and packages according to distribution maintainer directions. Major Linux distributions and package maintainers have published guidance on updating. Please see the link and refer to individual distribution and package advisories for the latest information and remediation guidance.
What FortiGuard Coverage is available?
The situation is still developing; the FortiGuard team will update the threat signal and provide more information on related protections as they are released. FortiGuard Incident Response team can be engaged to help with any suspected compromise.
A directory traversal vulnerability was discovered in py7zr, a library
and command-line utility to process 7zip archives.