tomcat-9.0.89-1.fc40
This update includes a rebase from 9.0.83 to 9.0.89.
#2269611 CVE-2024-24549 tomcat: CVE-2024-24549: Apache Tomcat: HTTP/2 header handling DoS
#2269612 CVE-2024-23672 tomcat: Apache Tomcat: WebSocket DoS with incomplete closing handshake
Multiple vulnerabilities have been discovered in PHP which could allow for remote code execution. PHP is a programming language originally designed for use in web-based applications with HTML content. Successful exploitation could allow for remote code execution in the context of the affected service account. Depending on the privileges associated with the service account an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Service accounts that are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
A 16-year-old youth has been arrested in France on suspicion of having run a malware-for-rent business.
The unnamed Frenchman, who goes by online handles including “ChatNoir” and “Casquette”, is said to be a key member of the Epsilon hacking group, which has in the recent past stolen millions of records from hackd firms.
Read more in my article on the Hot for Security blog.
galera-26.4.18-1.fc40
mariadb10.11-10.11.8-1.fc40
MariaDB 10.11.8 & Galera 26.4.18
Release notes:
https://mariadb.com/kb/en/mariadb-10-11-7-release-notes/
https://mariadb.com/kb/en/mariadb-10-11-8-release-notes/
The flaw enables attackers to gain control over the AI service by submitting harmful prompts
The US Justice Department has dismantled an enormous botnet:
According to an indictment unsealed on May 24, from 2014 through July 2022, Wang and others are alleged to have created and disseminated malware to compromise and amass a network of millions of residential Windows computers worldwide. These devices were associated with more than 19 million unique IP addresses, including 613,841 IP addresses located in the United States. Wang then generated millions of dollars by offering cybercriminals access to these infected IP addresses for a fee.
[…]
This operation was a coordinated multiagency effort led by law enforcement in the United States, Singapore, Thailand, and Germany. Agents and officers searched residences, seized assets valued at approximately $30 million, and identified additional forfeitable property valued at approximately $30 million. The operation also seized 23 domains and over 70 servers constituting the backbone of Wang’s prior residential proxy service and the recent incarnation of the service. By seizing multiple domains tied to the historical 911 S5, as well as several new domains and services directly linked to an effort to reconstitute the service, the government has successfully terminated Wang’s efforts to further victimize individuals through his newly formed service Clourouter.io and closed the existing malicious backdoors.
The creator and operator of the botnet, YunHe Wang, was arrested in Singapore.
Experts advised that crisis management and recovery is as much about communications and testing as it is about technical defense measures
Despite reported attempts from Patchstack to contact the vendor, no response has been received
booth-1.0-283.5.9d4029a.git.fc39
Security fix for CVE-2024-3049
Organizations need a culture that goes beyond reporting incidents, where the business wants to collaborate with the security team
