Read Time:6 Second
FEDORA-2022-531e531922
Packages in this update:
xen-4.16.0-4.fc36
Update description:
Multiple speculative security issues [XSA-398]
Meta fined €17 million by Irish regulator for GDPR violations
Read Time:33 Second
The Republic of Ireland’s Data Protection Commission (DPC) has fined Facebook parent company Meta €17 million (US$18.6 million) for violating multiple articles of the GDPR (General Data Protection Regulation) related to a series of 12 data breach notifications that occurred in the latter half of 2018.
The GDPR is an EU regulation that sets comparatively strict standards for the management, processing and protection of user data that went into effect in May 2018. Specifically, the DPC stated, the company failed to institute measures that would allow it to demonstrate compliance with GDPR regulations, under Articles 5(2) and 24(1).
Meta fined $18.6M by Irish regulator for GDPR violations
Read Time:33 Second
The Republic of Ireland’s Data Protection Commission (DPC) has fined Facebook parent company Meta €17 million (US$18.6 million) for violating multiple articles of the GDPR (General Data Protection Regulation) related to a series of 12 data breach notifications that occurred in the latter half of 2018.
The GDPR is an EU regulation that sets comparatively strict standards for the management, processing and protection of user data that went into effect in May 2018. Specifically, the DPC stated, the company failed to institute measures that would allow it to demonstrate compliance with GDPR regulations, under Articles 5(2) and 24(1).
libass-0.15.2-1.fc34
Read Time:7 Second
FEDORA-2022-2af150223a
Packages in this update:
libass-0.15.2-1.fc34
Update description:
New version
Security fix for CVE-2020-36430
Police arrest scammer on FBI’s “Most Wanted” list in relation to $100 million fraud
Read Time:11 Second
The alleged ringleader of an international scam operation has been arrested by Nigerian authorities in Lagos, after being wanted by the FBI since 2016.
Read more in my article on the Hot for Security blog.
Sioux Falls Funds DSU Cybersecurity Lab
Read Time:3 Second
City council approves $10m appropriation toward Dakota State University cybersecurity lab
Irish Watchdog Fines Meta $19m Over Data Breach
Read Time:4 Second
Ireland’s data regulator imposes penalty after inquiry into 2018 data breach notifications
Avast Merger Raises Competition Concerns
Read Time:3 Second
UK government finds NortonLifeLock purchase of Avast could reduce competition
Breaking RSA through Insufficiently Random Primes
Read Time:47 Second
Basically, the SafeZone library doesn’t sufficiently randomize the two prime numbers it used to generate RSA keys. They’re too close to each other, which makes them vulnerable to recovery.
There aren’t many weak keys out there, but there are some:
So far, Böck has identified only a handful of keys in the wild that are vulnerable to the factorization attack. Some of the keys are from printers from two manufacturers, Canon and Fujifilm (originally branded as Fuji Xerox). Printer users can use the keys to generate a Certificate Signing Request. The creation date for the all the weak keys was 2020 or later. The weak Canon keys are tracked as CVE-2022-26351.
Böck also found four vulnerable PGP keys, typically used to encrypt email, on SKS PGP key servers. A user ID tied to the keys implied they were created for testing, so he doesn’t believe they’re in active use.
CVE-2021-23648
Read Time:7 Second
The package @braintree/sanitize-url before 6.0.0 are vulnerable to Cross-site Scripting (XSS) due to improper sanitization in sanitizeUrl function.