The AI Fix #6: AI lobotomies, and bots scam scam bots

In episode six of The AI Fix, our hosts discover an unusual place to put a traffic cone, Mark learns why Americans should pretend to be from Brazil, and Graham discovers a way to make any situation much, much worse. Graham inflicts his terrible Australian accent on Mark while explaining bot-on-bot crime, and Mark tells … Continue reading “The AI Fix #6: AI lobotomies, and bots scam scam bots”

USN-6888-1: Django vulnerabilities

Elias Myllymäki discovered that Django incorrectly handled certain inputs
with a large number of brackets. A remote attacker could possibly use this
issue to cause Django to consume resources or stop responding, resulting in
a denial of service. (CVE-2024-38875)

It was discovered that Django incorrectly handled authenticating users with
unusable passwords. A remote attacker could possibly use this issue to
perform a timing attack and enumerate users. (CVE-2024-39329)

Josh Schneier discovered that Django incorrectly handled file path
validation when the storage class is being derived. A remote attacker could
possibly use this issue to save files into arbitrary directories.
(CVE-2024-39330)

It was discovered that Django incorrectly handled certain long strings that
included a specific set of characters. A remote attacker could possibly use
this issue to cause Django to consume resources or stop responding,
resulting in a denial of service. (CVE-2024-39614)

Reverse-Engineering Ticketmaster’s Barcode System

Interesting:

By reverse-engineering how Ticketmaster and AXS actually make their electronic tickets, scalpers have essentially figured out how to regenerate specific, genuine tickets that they have legally purchased from scratch onto infrastructure that they control. In doing so, they are removing the anti-scalping restrictions put on the tickets by Ticketmaster and AXS.

Critical Patches Issued for Microsoft Products, July 09, 2024

Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution

Multiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for arbitrary code execution.

Adobe Premiere Pro is a timeline-based and non-linear video editing software application.
Adobe InDesign is a desktop publishing and page layout designing software application.
Adobe Bridge is a free digital asset management application.

Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

gopass-hibp-1.15.13-1.fc41

FEDORA-2024-40c0ff79e8

Packages in this update:

gopass-hibp-1.15.13-1.fc41

Update description:

Automatic update for gopass-hibp-1.15.13-1.fc41.

Changelog

* Tue Jul 9 2024 Mikel Olasagasti Uranga <mikel@olasagasti.info> - 1.15.13-1
- Update to 1.15.13 - Closes rhbz#2159125 rhbz#2255098
* Sun Feb 11 2024 Maxwell G <maxwell@gtmx.me> - 1.15.7-4
- Rebuild for golang 1.22.0
