Read Time:9 Second
FEDORA-2024-275a45a146
Packages in this update:
xorg-x11-server-Xwayland-24.1.4-1.fc40
Update description:
xwayland 24.1.4 – CVE fix for CVE-2024-9632
xorg-x11-server-Xwayland-24.1.4-1.fc41
Read Time:9 Second
FEDORA-2024-80c8f31c55
Packages in this update:
xorg-x11-server-Xwayland-24.1.4-1.fc41
Update description:
xwayland 24.1.4 – CVE fix for CVE-2024-9632
New LightSpy Spyware Targets iOS with Enhanced Capabilities
Read Time:6 Second
ThreatFabric researchers have discovered significant updates to the LightSpy spyware, featuring plugins designed to interfere with device functionality
Chenlun’s Evolving Phishing Tactics Target Trusted Brands
Read Time:5 Second
The phishing campaign targeted users via texts impersonating Amazon, linked to the threat actor Chenlun
USN-7084-1: urllib3 vulnerability
Read Time:8 Second
It was discovered that urllib3 didn’t strip HTTP Proxy-Authorization header
on cross-origin redirects. A remote attacker could possibly use this issue
to obtain sensitive information.
The AI Fix #22: Probing AI tongues and ASCII smuggling attacks
Read Time:31 Second
In episode 22 of “The AI Fix”, our hosts encounter a bowl of buttermilk king crab ice cream prepared by a baby hippo, a TV station finds an even better way to generate programme ideas than using a tank full of manatees, and Elon Musk does the world’s most expensive Blade Runner cosplay.
Graham discovers a robot tongue and ponders the implications of AIs with an appetite, and Mark explains ASCII smuggling — a prompt injection attack that uses completely invisible characters.
All this and much more is discussed in the latest edition of “The AI Fix” podcast by Graham Cluley and Mark Stockley.
Law Enforcement Operation Takes Down Redline and Meta Infostealers
Read Time:6 Second
Operation Magnus took down infrastructure used to run the Redline and Meta infostealers, widely used tools in cybercriminal activities
NIS2 Compliance Puts Strain on Business Budgets
Read Time:7 Second
A Veeam report found that businesses are prioritizing NIS2 compliance, with 95% of applicable firms diverting funds from other areas of the business
Suspicious Social Media Accounts Deployed Ahead of COP29
Read Time:5 Second
Global Witness uncovered a network of 71 suspicious accounts on X supporting the Azeri government
USN-7064-2: nano vulnerability
Read Time:19 Second
USN-7064-1 fixed a vulnerability in nano. This update provides the
corresponding update for Ubuntu 14.04 LTS.
Original advisory details:
It was discovered that nano allowed a possible privilege escalation
through an insecure temporary file. If nano was killed while editing, the
permissions granted to the emergency save file could be used by an
attacker to escalate privileges using a malicious symlink.