FEDORA-2024-1318318e7a
Packages in this update:
libsndfile-1.2.2-5.fc41
Update description:
fix crash in ogg vorbis (#2322326) (CVE-2024-50612)
libsndfile-1.2.2-5.fc41
fix crash in ogg vorbis (#2322326) (CVE-2024-50612)
Multiple vulnerabilities have been discovered in Palo Alto PAN-OS, the most severe of which could allow for authentication bypass. PAN-OS is the software that runs all Palo Alto Networks next-generation firewalls. Successful exploitation could allow for authentication bypass with administrator privileges. An attacker could then install programs; view, change, or delete data.
libsndfile-1.2.2-5.fc42
Automatic update for libsndfile-1.2.2-5.fc42.
* Mon Nov 18 2024 Michal Hlavinka <mhlavink@redhat.com> - 1.2.2-5
- fix crash in ogg vorbis (rhbz#2322326) (CVE-2024-50612)
libsndfile-1.2.2-4.fc40
fix crash in ogg vorbis (rhbz#2322326) (CVE-2024-50612)
Switzerland’s National Cyber Security Centre has warned of a new QR code scam in fake MeteoSwiss letters spreading Android malware
It was discovered that Glib incorrectly handled certain trailing
characters. An attacker could possibly use this issue to cause
a crash or other undefined behavior.
Zero-day vulnerabilities are more commonly used, according to the Five Eyes:
Key Findings
In 2023, malicious cyber actors exploited more zero-day vulnerabilities to compromise enterprise networks compared to 2022, allowing them to conduct cyber operations against higher-priority targets. In 2023, the majority of the most frequently exploited vulnerabilities were initially exploited as a zero-day, which is an increase from 2022, when less than half of the top exploited vulnerabilities were exploited as a zero-day.
Malicious cyber actors continue to have the most success exploiting vulnerabilities within two years after public disclosure of the vulnerability. The utility of these vulnerabilities declines over time as more systems are patched or replaced. Malicious cyber actors find less utility from zero-day exploits when international cybersecurity efforts reduce the lifespan of zero-day vulnerabilities.
Proofpoint researchers have observed the growing use of the ClickFix social engineering tactic, which lures people into running malicious content on their computer
It was discovered that curl could overwrite the HSTS expiry of the parent
domain with the subdomain’s HSTS entry. This could lead to curl switching
back to insecure HTTP earlier than otherwise intended, resulting in
information exposure.
A phishing email claims to be from the New York Times with a story about an assassination attempt against President-elect Donald Trump