Read Time:6 Second
FEDORA-2024-ddb5f7c0a3
Packages in this update:
moodle-4.4.5-1.fc41
Update description:
Multiple CVE fixes.
Monthly Archives: December 2024
Sophisticated TA397 Malware Targets Turkish Defense Sector
Read Time:4 Second
Sophisticated phishing attack targeting Turkey’s defense sector revealed TA397’s advanced tactics
Hacking Digital License Plates
Read Time:57 Second
Not everything needs to be digital and “smart.” License plates, for example:
Josep Rodriguez, a researcher at security firm IOActive, has revealed a technique to “jailbreak” digital license plates sold by Reviver, the leading vendor of those plates in the US with 65,000 plates already sold. By removing a sticker on the back of the plate and attaching a cable to its internal connectors, he’s able to rewrite a Reviver plate’s firmware in a matter of minutes. Then, with that custom firmware installed, the jailbroken license plate can receive commands via Bluetooth from a smartphone app to instantly change its display to show any characters or image.
[…]
Because the vulnerability that allowed him to rewrite the plates’ firmware exists at the hardware level—in Reviver’s chips themselves—Rodriguez says there’s no way for Reviver to patch the issue with a mere software update. Instead, it would have to replace those chips in each display.
The whole point of a license plate is that it can’t be modified. Why in the world would anyone thing that a digital version is a good idea?
Texas Tech University Data Breach Impacts 1.4 Million
Read Time:6 Second
The breach has affected 650,000 individuals at TTUHSC’s Lubbock campus and 815,000 at its El Paso branch
dr_libs-0-0.27.20241217git660795b.el8
Read Time:20 Second
FEDORA-EPEL-2024-073915237b
Packages in this update:
dr_libs-0-0.27.20241217git660795b.el8
Update description:
Update to 0^20241216git660795b
dr_flac 0.12.43: Fix a possible buffer overflow during decoding. Improve detection of ARM64EC.
dr_mp3 0.6.40: Improve detection of ARM64EC
dr_wav 0.13.17: Fix a possible crash when reading from MS-ADPCM encoded files. Improve detection of ARM64EC.
Cybercriminals Exploit Google Calendar to Spread Malicious Links
Read Time:6 Second
Check Point research reveals cybercriminals are using Google Calendar and Drawings to send malicious links, bypassing traditional email security
dr_libs-0^20241216git660795b-1.el9
Read Time:21 Second
FEDORA-EPEL-2024-55f18fb87f
Packages in this update:
dr_libs-0^20241216git660795b-1.el9
Update description:
Update to 0^20241216git660795b
dr_flac 0.12.43: Fix a possible buffer overflow during decoding. Improve detection of ARM64EC.
dr_mp3 0.6.40: Improve detection of ARM64EC
dr_wav 0.13.17: Fix a possible crash when reading from MS-ADPCM encoded files. Improve detection of ARM64EC.
Add a SourceLicense field
USN-7167-1: Linux kernel vulnerabilities
Read Time:14 Second
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– Ext4 file system;
– Network traffic control;
– VMware vSockets driver;
(CVE-2024-50264, CVE-2024-49967, CVE-2024-53057)
USN-7159-2: Linux kernel (AWS) vulnerabilities
Read Time:44 Second
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– ARM32 architecture;
– ARM64 architecture;
– S390 architecture;
– x86 architecture;
– Power management core;
– GPU drivers;
– InfiniBand drivers;
– Network drivers;
– S/390 drivers;
– TTY drivers;
– BTRFS file system;
– EROFS file system;
– F2FS file system;
– File systems infrastructure;
– BPF subsystem;
– Socket messages infrastructure;
– Bluetooth subsystem;
– Ethernet bridge;
– Networking core;
– IPv4 networking;
– SELinux security module;
(CVE-2022-48938, CVE-2024-42156, CVE-2024-36953, CVE-2024-38538,
CVE-2021-47501, CVE-2024-42068, CVE-2024-26947, CVE-2024-46724,
CVE-2024-36968, CVE-2023-52497, CVE-2024-35951, CVE-2023-52488,
CVE-2024-44940, CVE-2022-48733, CVE-2023-52498, CVE-2022-48943,
CVE-2024-35904, CVE-2024-42077, CVE-2024-36938, CVE-2023-52639,
CVE-2024-42240, CVE-2024-44942, CVE-2021-47076)
dr_libs-0^20241216git660795b-1.el10_0
Read Time:21 Second
FEDORA-EPEL-2024-704d471aec
Packages in this update:
dr_libs-0^20241216git660795b-1.el10_0
Update description:
Update to 0^20241216git660795b
dr_flac 0.12.43: Fix a possible buffer overflow during decoding. Improve detection of ARM64EC.
dr_mp3 0.6.40: Improve detection of ARM64EC
dr_wav 0.13.17: Fix a possible crash when reading from MS-ADPCM encoded files. Improve detection of ARM64EC.
Add a SourceLicense field