Read Time:4 Second
Marine Corps reservist and nurse allegedly sold hundreds of forged coronavirus inoculation cards
Maryland Couple Conspired to Sell Nuclear Secrets
Read Time:5 Second
Nuclear engineer and wife admit plot to steal restricted data and sell it to a foreign power
FBI warns of fake CEO attacks taking place via video conferencing systems
Read Time:10 Second
The FBI has issued a warning that organisations should be on their guard against BEC (Business Email Compromise) attacks involving virtual meeting platforms.
Read more in my article on the Hot for Security blog.
USN-5293-1: c3p0 vulnerability
Read Time:9 Second
Aaron Massey discovered that c3p0 could be made to crash when
parsing certain input. An attacker able to modify the application’s
XML configuration file could cause a denial of service.
USN-5288-1: Expat vulnerabilities
Read Time:7 Second
It was discovered that Expat incorrectly handled certain files.
An attacker could possibly use this issue to cause a crash or
execute arbitrary code.
vim-8.2.4428-1.fc34
Read Time:15 Second
FEDORA-2022-7ef65e6444
Packages in this update:
vim-8.2.4428-1.fc34
Update description:
Security fix for CVE-2022-0696
Security fix for CVE-2022-0629
Security fix for CVE-2022-0572
Security fixes for CVE-2022-0408, CVE-2022-0413, CVE-2022-0393, CVE-2022-0417, CVE-2022-0443
vim-8.2.4428-1.fc35
Read Time:8 Second
FEDORA-2022-8622ebdebb
Packages in this update:
vim-8.2.4428-1.fc35
Update description:
The newest upstream commit
Security fix for CVE-2022-0629
Stealing Bicycles by Swapping QR Codes
Read Time:39 Second
This is a clever hack against those bike-rental kiosks:
They’re stealing Citi Bikes by switching the QR scan codes on two bicycles near each other at a docking station, then waiting for an unsuspecting cyclist to try to unlock a bike with his or her smartphone app.
The app doesn’t work for the rider but does free up the nearby Citi Bike with the switched code, where a thief is waiting, jumps on the bicycle and rides off.
Presumably they’re using camera, printers, and stickers to swap the codes on the bikes. And presumably the victim is charged for not returning the stolen bicycle.
This story is from last year, but I hadn’t seen it before. There’s a video of one theft at the link.
Sex attacker jailed after police track his hire bike
Read Time:9 Second
Officers based at London’s Charing Cross police station were able to identify a man who committed two sexual assaults, after they were able to track him via his hire bike.
CVE-2021-25075
Read Time:21 Second
The Duplicate Page or Post WordPress plugin before 1.5.1 does not have any authorisation and has a flawed CSRF check in the wpdevart_duplicate_post_parametrs_save_in_db AJAX action, allowing any authenticated users, such as subscriber to call it and change the plugin’s settings, or perform such attack via CSRF. Furthermore, due to the lack of escaping, this could lead to Stored Cross-Site Scripting issues