Read Time:4 Second
The framework aims to mitigate ethical issues surrounding use of AI in security
Ragnar Locker ransomware – what you need to know
Read Time:10 Second
The FBI has warned that the Ragnar Locker gang has infected at least 52 critical infrastructure organisations across America with its ransomware.
Read more in my article on the Tripwire State of Security blog.
No, women in Ukraine aren’t up for a sexy webcam chat right now
Read Time:6 Second
No – there aren’t women in Ukraine are keen to have a sexy webcam chat with you right now.
Smashing Security podcast #265: The Nigerian supercop and Alexa vs. Alexa
Read Time:21 Second
The most famous policeman in Nigeria is in hot water over his links to Hushpuppi, has your Amazon Echo been talking to itself, and can an AI girlfriend save your marriage?
All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault.
Plus don’t miss our featured interview with Jason Meller of Kolide.
annobin-10.57-3.fc36 firefox-98.0-2.fc36 gcc-12.0.1-0.12.fc36
Read Time:56 Second
FEDORA-2022-42ea499a7d
Packages in this update:
annobin-10.57-3.fc36
firefox-98.0-2.fc36
gcc-12.0.1-0.12.fc36
Update description:
This update provides the latest release of Firefox, with many bug fixes including critical security issues. It also includes updates to gcc and annobin which were necessary to build Firefox, with the following fixes:
fix up promoted SUBREG handling (#2045160, PR rtl-optimization/104839)
fix up check for asm goto (PR rtl-optimization/104777)
Upstream bugs (http://gcc.gnu.org/PRNNNNN) fixed: 70077, 79493, 80270, 84519, 87496, 88134, 90148, 91384, 96526, 99297, 99555, 99585, 100400, 100407, 100541, 100757, 101325, 101636, 101983, 102276, 102429, 103037, 103302, 103443, 103521, 103836, 103845, 103856, 103984, 104061, 104121, 104131, 104132, 104133, 104154, 104208, 104381, 104430, 104434, 104489, 104529, 104533, 104540, 104550, 104552, 104558, 104573, 104589, 104601, 104602, 104618, 104619, 104627, 104633, 104637, 104644, 104648, 104656, 104659, 104664, 104667, 104674, 104675, 104676, 104677, 104679, 104681, 104682, 104686, 104687, 104698, 104700, 104704, 104715, 104716, 104721, 104724, 104725, 104726, 104727, 104728, 104730, 104732, 104736, 104748, 104757, 104758, 104761, 104775, 104779, 104781, 104782, 104784, 104791, 104794, 104797, 104807, 104825, 104838
openexr-3.1.4-1.fc36
Read Time:6 Second
FEDORA-2022-18e14f460c
Packages in this update:
openexr-3.1.4-1.fc36
Update description:
New upstream release 3.1.4
openexr-3.1.4-1.fc35
Read Time:6 Second
FEDORA-2022-5cdfa7faa5
Packages in this update:
openexr-3.1.4-1.fc35
Update description:
New upstream release 3.1.4
HackerOne calls for end of security by obscurity
Read Time:24 Second
HackerOne, a bug bounty platform provider, offered a blueprint for greater corporate security responsibility and called for a shift from secrecy to transparency when dealing with vulnerabilities in a report released Thursday.
Organizations are increasingly scrutinizing the practices of their suppliers, basing procurement decisions on security credentials and switching suppliers should the company have experienced a security incident, the report noted. Demonstrating secure best practices is now a competitive differentiator.
USN-5320-1: Expat vulnerabilities and regression
Read Time:47 Second
USN-5288-1 fixed several vulnerabilities in Expat. For CVE-2022-25236 it
caused a regression and an additional patch was required. This update address
this regression and several other vulnerabilities.
It was discovered that Expat incorrectly handled certain files.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2022-25313)
It was discovered that Expat incorrectly handled certain files.
An attacker could possibly use this issue to cause a crash
or execute arbitrary code. This issue only affected Ubuntu 18.04 LTS,
Ubuntu 20.04 LTS, and Ubuntu 21.10. (CVE-2022-25314)
It was discovered that Expat incorrectly handled certain files.
An attacker could possibly use this issue to cause a crash or execute
arbitrary code. (CVE-2022-25315)
Original advisory details:
It was discovered that Expat incorrectly handled certain files.
An attacker could possibly use this issue to cause a crash or
execute arbitrary code. (CVE-2022-25236)
Dirty Pipe root Linux vulnerability can also impact containers
Read Time:31 Second
The dangerous Linux privilege escalation flaw dubbed Dirty Pipe that was recently disclosed could also impact applications and systems that use containerization through tools such as Docker, researchers warn. This follows a different privilege escalation vulnerability that was patched last week and could lead to container escapes.
Dirty Pipe “could enable an attacker to effectively modify containers that are running against a shared image, or to poison an image on a host so that new containers would receive modified files,” researcher Rory McCune from cloud security firm Aqua Security said in a blog post.