FEDORA-2024-3ae3a47901
Packages in this update:
libsndfile-1.2.2-4.fc40
Update description:
fix crash in ogg vorbis (rhbz#2322326) (CVE-2024-50612)
Switzerland’s National Cyber Security Centre has warned of a new QR code scam in fake MeteoSwiss letters spreading Android malware
It was discovered that Glib incorrectly handled certain trailing
characters. An attacker could possibly use this issue to cause
a crash or other undefined behavior.
Zero-day vulnerabilities are more commonly used, according to the Five Eyes:
Key Findings
In 2023, malicious cyber actors exploited more zero-day vulnerabilities to compromise enterprise networks compared to 2022, allowing them to conduct cyber operations against higher-priority targets. In 2023, the majority of the most frequently exploited vulnerabilities were initially exploited as a zero-day, which is an increase from 2022, when less than half of the top exploited vulnerabilities were exploited as a zero-day.
Malicious cyber actors continue to have the most success exploiting vulnerabilities within two years after public disclosure of the vulnerability. The utility of these vulnerabilities declines over time as more systems are patched or replaced. Malicious cyber actors find less utility from zero-day exploits when international cybersecurity efforts reduce the lifespan of zero-day vulnerabilities.
Proofpoint researchers have observed the growing use of the ClickFix social engineering tactic, which lures people into running malicious content on their computer
It was discovered that curl could overwrite the HSTS expiry of the parent
domain with the subdomain’s HSTS entry. This could lead to curl switching
back to insecure HTTP earlier than otherwise intended, resulting in
information exposure.
A phishing email claims to be from the New York Times with a story about an assassination attempt against President-elect Donald Trump
Phishing attacks using DocuSign impersonations targeting state agencies have surged 98% since Nov 8
Several security issues were discovered in the WebKitGTK Web and JavaScript
engines. If a user were tricked into viewing a malicious website, a remote
attacker could exploit a variety of issues related to web browser security,
including cross-site scripting attacks, denial of service attacks, and
arbitrary code execution.
BeaverTail malware has been used to target tech job seekers through fake recruiters, Palo Alto Networks’ Unit 42 has found