USN-7014-1 fixed a vulnerability in nginx. This update provides the
corresponding updates for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.
Original advisory details:
It was discovered that the nginx ngx_http_mp4 module incorrectly handled
certain malformed mp4 files. In environments where the mp4 directive is in
use, a remote attacker could possibly use this issue to cause nginx to
crash, resulting in a denial of service.
In episode 19 of “The AI Fix” podcast, Graham and Mark discover some AI podcast hosts having an existential crisis, a robot dog climbs another step towards world domination, Mark makes a gift for anyone working in tech support, and William Shatner chews through Lucy in the Sky with Diamonds.
Things can take a terrible turn when a pair of bored students think they’re Ethan Hunt, and Mark thinks that an underwater IKEA might be the silver lining to the climate crisis.
All this and much more is discussed in the latest edition of “The AI Fix” podcast by Graham Cluley and Mark Stockley.
Secureworks reports a 30% increase in active ransomware groups despite law enforcement efforts, with 31 new groups emerging in the past year
Iran is targeting the US presidential race, China the congressional races, and Russia both
The Wall Street Journal is reporting that Chinese hackers (Salt Typhoon) penetrated the networks of US broadband providers, and might have accessed the backdoors that the federal government uses to execute court-authorized wiretap requests. Those backdoors have been mandated by law—CALEA—since 1994.
It’s a weird story. The first line of the article is: “A cyberattack tied to the Chinese government penetrated the networks of a swath of U.S. broadband providers.” This implies that the attack wasn’t against the broadband providers directly, but against one of the intermediary companies that sit between the government CALEA requests and the broadband providers.
For years, the security community has pushed back against these backdoors, pointing out that the technical capability cannot differentiate between good guys and bad guys. And here is one more example of a backdoor access mechanism being targeted by the “wrong” eavesdroppers.
A UN report found that organized crime groups in the region have rapidly integrated malware, generative AI and deepfakes to enhance their fraud activities
buildah-1.37.4-1.fc41
podman-5.2.4-1.fc41
Automatic update for buildah-1.37.4-1.fc41, podman-5.2.4-1.fc41.
* Mon Oct 07 2024 Packit <hello@packit.dev> – 2:1.37.4-1
– Update to 1.37.4 upstream release
* Mon Oct 07 2024 Packit <hello@packit.dev> – 5:5.2.4-1
– Update to 5.2.4 upstream release
Fixes CVE-2024-9341 and CVE-2024-9407.
Europol claims its EMPACT operation has revealed dozens of human trafficking victims and suspects
MoneyGram has issued a data breach notification to customers following a security incident
dnsdist-1.9.7-1.fc39
Update to latest upstream
