Advisories

  • tcpreplay-4.5.1-1.el8

    FEDORA-EPEL-2024-b9b7864353. Packages in this update: tcpreplay-4.5.1-1.el8. Update description: Announcing v4.5.1. This release contains contributions from a record number of new contributors. This is greatly appreciated since I am a team of one, and do Tcpreplay maintenance in my spare time. There are many bug fixes and new features. Most notable features: AF_XDP socket support –…


  • Hacking Scientific Citations

    Some scholars are inflating their reference counts by sneaking them into metadata: Citations of scientific work abide by a standardized referencing system: Each reference explicitly mentions at least the title, authors’ names, publication year, journal or conference name, and page numbers of the cited publication. These details are stored as metadata, not visible in the…


  • CRYSTALRAY Cyber-Attacks Grow Tenfold Using OSS Tools

    Sysdig said CRYSTALRAY used a variety of open source security tools to scan for vulnerabilities

  • USN-6898-1: Linux kernel vulnerabilities

    Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer dereference. A local attacker could possibly trigger this vulnerability to cause a denial of service. (CVE-2022-38096) Gui-Dong Han discovered that the software RAID driver in the Linux kernel contained a race condition,…


  • WP Time Capsule Plugin Update Urged After Critical Security Flaw

    The WordPress plugin has over 20,000 active installations and is used for site backups and update management

  • Researchers: Weak Security Defaults Enabled Squarespace Domains Hijacks

    At least a dozen organizations with domain names at domain registrar Squarespace saw their websites hijacked last week. Squarespace bought all assets of Google Domains a year ago, but many customers still haven’t set up their new accounts. Experts say malicious hackers learned they could commandeer any migrated Squarespace accounts that hadn’t yet been registered,…


  • Attackers Exploit URL Protections to Disguise Phishing Links

    Barracuda has observed attackers using three different URL protection services to mask their phishing URLs, bypassing email security tools

  • USN-6897-1: Ghostscript vulnerabilities

    It was discovered that Ghostscript incorrectly handled certain long PDF filter names. An attacker could possibly use this issue to cause Ghostscript to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2024-29506) It was discovered that Ghostscript incorrectly handled certain API parameters. An attacker could…


  • Smart Hotel Technologies and the Cybersecurity Risks They Bring

    The content of this post is solely the responsibility of the author.  LevelBlue does not adopt or endorse any of the views, positions, or information provided by the author in this article.  Smart technologies are being quickly adopted by the hospitality sector in order to improve guest experiences and improve operations. However, hotels are also…


  • Pharmacy Giant Rite Aid Hit By Ransomware

    US pharmacy chain Rite Aid has confirmed a cybersecurity ‘incident’ in June