Sweden experienced a wave of DDoS attacks as the country was working towards joining NATO, Netscout found
Monthly Archives: May 2024
stb-0^20240213gitae721c5-5.fc38
FEDORA-2024-5e5d8c2581
Packages in this update:
stb-0^20240213gitae721c5-5.fc38
Update description:
Security fix for CVE-2023-45681 / CVE-2023-47212
stb-0^20240213gitae721c5-6.fc39
FEDORA-2024-4c8d4cda0d
Packages in this update:
stb-0^20240213gitae721c5-6.fc39
Update description:
Security fix for CVE-2023-45681 / CVE-2023-47212
stb-0^20240213gitae721c5-6.fc40
FEDORA-2024-8f4d69d2ec
Packages in this update:
stb-0^20240213gitae721c5-6.fc40
Update description:
Security fix for CVE-2023-45681 / CVE-2023-47212
Top 10 Malware Q1 2024
The Top 10 Malware in Q1 2024 changed slightly from the previous quarter. Here’s what the CIS Cyber Threat Intelligence team observed.
USN-6762-1: GNU C Library vulnerabilities
It was discovered that GNU C Library incorrectly handled netgroup requests.
An attacker could possibly use this issue to cause a crash or execute arbitrary code.
This issue only affected Ubuntu 14.04 LTS. (CVE-2014-9984)
It was discovered that GNU C Library might allow context-dependent
attackers to cause a denial of service. This issue only affected Ubuntu 14.04 LTS.
(CVE-2015-20109)
It was discovered that GNU C Library when processing very long pathname arguments to
the realpath function, could encounter an integer overflow on 32-bit
architectures, leading to a stack-based buffer overflow and, potentially,
arbitrary code execution. This issue only affected Ubuntu 14.04 LTS.
(CVE-2018-11236)
It was discovered that the GNU C library getcwd function incorrectly
handled buffers. An attacker could use this issue to cause the GNU C
Library to crash, resulting in a denial of service, or possibly execute
arbitrary code. This issue only affected Ubuntu 14.04 LTS. (CVE-2021-3999)
Charles Fol discovered that the GNU C Library iconv feature incorrectly
handled certain input sequences. An attacker could use this issue to cause
the GNU C Library to crash, resulting in a denial of service, or possibly
execute arbitrary code. (CVE-2024-2961)
Three-Quarters of CISOs Admit App Security Incidents
Dynatrace research claims global CISOs are concerned AI is driving advanced app security threats and poor developer practices
Security Breach Exposes Dropbox Sign Users
Attackers accessed emails, usernames, phone numbers, hashed passwords and authentication information
The UK Bans Default Passwords
The UK is the first country to ban default passwords on IoT devices.
On Monday, the United Kingdom became the first country in the world to ban default guessable usernames and passwords from these IoT devices. Unique passwords installed by default are still permitted.
The Product Security and Telecommunications Infrastructure Act 2022 (PSTI) introduces new minimum-security standards for manufacturers, and demands that these companies are open with consumers about how long their products will receive security updates for.
The UK may be the first country, but as far as I know, California is the first jurisdiction. It banned default passwords in 2018, the law taking effect in 2020.
This sort of thing benefits all of us everywhere. IoT manufacturers aren’t making two devices, one for California and one for the rest of the US. And they’re not going to make one for the UK and another for the rest of Europe, either. They’ll remove the default passwords and sell those devices everywhere.
Another news article.
REvil Ransomware Affiliate Sentenced to Over 13 Years in Prison
A US court has sentenced a Ukrainian national to 13 years and seven months in prison for his role in over 2500 ransomware attacks using the REvil strain