Read Time:9 Second
Flipaclip, an animation creation app that is particularly popular with youngsters, has exposed the details of over 890,000 users.
Read more in my article on the Hot for Security blog.
Daily Archives: November 25, 2024
New York Secures $11.3m from Insurance Firms in Data Breach Settlement
Read Time:9 Second
New York State has agreed a $11.3m settlement from two insurance firms following the breach of the personal data of over 120,000 drivers in the state
USN-7125-1: RapidJSON vulnerability
Read Time:10 Second
It was discovered that RapidJSON incorrectly parsed numbers written in
scientific notation, leading to an integer underflow. An attacker could
possibly use this issue to cause a denial of service, or execute arbitrary
code.
IoT Device Traffic Up 18% as Malware Attacks Surge 400%
Read Time:8 Second
Zscaler’s latest report finds 54.5% of IoT attacks target manufacturing, with the industry suffering more than three times the weekly attacks of other sectors
npm Package Lottie-Player Compromised in Supply Chain Attack
Read Time:5 Second
npm package @lottiefiles/lottie-player hacked with malicious code, draining crypto wallets via web3 pop-ups
USN-7121-3: Linux kernel (Oracle) vulnerabilities
Read Time:1 Minute, 12 Second
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– ARM64 architecture;
– S390 architecture;
– x86 architecture;
– Block layer subsystem;
– Cryptographic API;
– ATM drivers;
– Device frequency scaling framework;
– GPU drivers;
– Hardware monitoring drivers;
– VMware VMCI Driver;
– Network drivers;
– Device tree and open firmware driver;
– SCSI drivers;
– Greybus lights staging drivers;
– BTRFS file system;
– File systems infrastructure;
– F2FS file system;
– JFS file system;
– NILFS2 file system;
– Netfilter;
– Memory management;
– Ethernet bridge;
– IPv6 networking;
– IUCV driver;
– Logical Link layer;
– MAC80211 subsystem;
– NFC subsystem;
– Network traffic control;
– Unix domain sockets;
(CVE-2023-52614, CVE-2024-26633, CVE-2024-46758, CVE-2024-46723,
CVE-2023-52502, CVE-2024-41059, CVE-2024-44987, CVE-2024-36020,
CVE-2023-52599, CVE-2023-52639, CVE-2024-26668, CVE-2024-42094,
CVE-2022-48938, CVE-2022-48733, CVE-2024-27397, CVE-2023-52578,
CVE-2024-38560, CVE-2024-38538, CVE-2024-42310, CVE-2024-46722,
CVE-2024-46800, CVE-2024-41095, CVE-2024-42104, CVE-2024-35877,
CVE-2022-48943, CVE-2024-46743, CVE-2023-52531, CVE-2024-46757,
CVE-2024-36953, CVE-2024-46756, CVE-2024-38596, CVE-2023-52612,
CVE-2024-38637, CVE-2024-41071, CVE-2024-46759, CVE-2024-43882,
CVE-2024-26675, CVE-2024-43854, CVE-2024-44942, CVE-2024-44998,
CVE-2024-42240, CVE-2024-41089, CVE-2024-26636, CVE-2024-46738,
CVE-2024-42309)
Google Deindexes Chinese Propaganda Network
Read Time:5 Second
Google’s threat intelligence team uncovered four Chinese PR firms operating networks of inauthentic news sites
Security Analysis of the MERGE Voting Protocol
Read Time:1 Minute, 8 Second
Interesting analysis: An Internet Voting System Fatally Flawed in Creative New Ways.
Abstract: The recently published “MERGE” protocol is designed to be used in the prototype CAC-vote system. The voting kiosk and protocol transmit votes over the internet and then transmit voter-verifiable paper ballots through the mail. In the MERGE protocol, the votes transmitted over the internet are used to tabulate the results and determine the winners, but audits and recounts use the paper ballots that arrive in time. The enunciated motivation for the protocol is to allow (electronic) votes from overseas military voters to be included in preliminary results before a (paper) ballot is received from the voter. MERGE contains interesting ideas that are not inherently unsound; but to make the system trustworthy—to apply the MERGE protocol—would require major changes to the laws, practices, and technical and logistical abilities of U.S. election jurisdictions. The gap between theory and practice is large and unbridgeable for the foreseeable future. Promoters of this research project at DARPA, the agency that sponsored the research, should acknowledge that MERGE is internet voting (election results rely on votes transmitted over the internet except in the event of a full hand count) and refrain from claiming that it could be a component of trustworthy elections without sweeping changes to election law and election administration throughout the U.S.
UK Launches AI Security Lab to Combat Russian Cyber Threats
Read Time:8 Second
UK Minister Pat McFadden will say in a speech at a NATO conference that adversaries are looking at using AI on the physical and cyber battlefield
firefox-133.0-1.fc41 nss-3.106.0-1.fc41
Read Time:9 Second
FEDORA-2024-b266d38c44
Packages in this update:
firefox-133.0-1.fc41
nss-3.106.0-1.fc41
Update description:
Update NSS to 3.106.0
Update to Firefox 133.0