Read Time:6 Second
FEDORA-2022-01f0553b59
Packages in this update:
thunderbird-91.7.0-1.fc35
Update description:
Update to 91.7.0
Category Archives: Advisories
Additional Wiper Malware Deployed in Ukraine #CaddyWiper
Read Time:1 Minute, 9 Second
FortiGuard Labs is aware of new wiper malware observed in the wild attacking Ukrainian interests. The wiper was found by security researchers today at ESET. The wiper is dubbed CaddyWiper. Preliminary analysis reveals that the wiper malware erases user data and partition information from attached drives. According to the tweet, CaddyWiper does not share any code with HermeticWiper or IsaacWiper or any known malware families.This is a breaking news event. More information will be added when relevant updates are available.For further reference about Ukrainian wiper attacks please reference our Threat Signal from January and February. Also, please refer to our recent blog that encompasses the recent escalation in Ukraine, along with salient advice about patch management and why it is important, especially in today’s political climate.Is this the Work of Nobelium/APT29?At this time, there is not enough information to correlate this to Nobelium/APT29 or nation state activity. Was this Sample Signed?No. Unlike the HermeticWiper sample related to Ukrainian attacks, this sample is unsigned.Why is Malware Signed?Malware is often signed by threat actors as a pretense to evade AV or any other security software. Signed malware allows threat actors to evade and effectively bypass detection, guaranteeing a higher success rate. What is the Status of Coverage?FortiGuard Labs has AV coverage in place for publicly available samples as:W32/CaddyWiper.NCX!tr
USN-5328-2: OpenSSL vulnerability
Read Time:17 Second
USN-5328-1 fixed a vulnerability in OpenSSL. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.
Original advisory details:
Tavis Ormandy discovered that OpenSSL incorrectly parsed certain
certificates. A remote attacker could possibly use this issue to cause
OpenSSH to stop responding, resulting in a denial of service.
USN-5330-1: LibreOffice vulnerability
Read Time:10 Second
It was discovered that LibreOffice incorrectly handled digital signatures.
An attacker could possibly use this issue to create a specially crafted
document that would display a validly signed indicator, contrary to
expectations.
USN-5329-1: tar vulnerability
Read Time:8 Second
It was discovered that tar incorrectly handled certain files.
An attacker could possibly use this issue to cause tar to crash,
resulting in a denial of service.
CVE-2020-4989
Read Time:13 Second
IBM Engineering Workflow Management 7.0, 7.0.1, and 7.0.2 and IBM Rational Team Concert 6.0.6 and 6.0.0.1 could allow an authenticated user to obtain sensitive information about build definitions. IBM X-Force ID: 192707.
USN-5328-1: OpenSSL vulnerability
Read Time:9 Second
Tavis Ormandy discovered that OpenSSL incorrectly parsed certain
certificates. A remote attacker could possibly use this issue to cause
OpenSSH to stop responding, resulting in a denial of service.
USN-5327-1: rsh vulnerability
Read Time:11 Second
Hiroyuki Yamamori discovered that rsh incorrectly handled certain
filenames. If a user or automated system were tricked into connecting to a
malicious rsh server, a remote attacker could possibly use this issue to
modify directory permissions.
Post Title
Read Time:57 Second
Multiple vulnerabilities have been discovered in Apple Products, the most severe of which could allow for arbitrary code execution.
GarageBand is an audio tool
iOS is a mobile operating system for mobile devices, including the iPhone, iPad, and iPod touch.
iPadOS is the successor to iOS 12 and is a mobile operating system for iPads.
Logic Pro X is a digital audio workstation
macOS Monterey is the 18th and current major release of macOS.
macOS Big Sur is the 17th release of macOS.
macOS Catalina is the 16th major release of macOS
watchOS is the mobile operating system for Apple Watch and is based on the iOS operating system.
tvOS is an operating system for fourth-generation Apple TV digital media player.
Xcode is Apple’s integrated development environment for macOS
Successful exploitation of the most severe of these vulnerabilities could result in arbitrary code execution within the context of the application, an attacker gaining the same privileges as the logged-on user, or the bypassing of security restrictions. Depending on the permission associated with the application running the exploit, an attacker could then install programs; view, change, or delete data.
cabal-rpm-2.0.11-1.fc34
Read Time:11 Second
FEDORA-2022-78559f99a9
Packages in this update:
cabal-rpm-2.0.11-1.fc34
Update description:
take build-tool-depends into account (#65)
‘spec’,’update’: detect autorelease and preserve autochangelog (#66)
‘spec –standalone’: strip executable
support _builddir