By reverse-engineering how Ticketmaster and AXS actually make their electronic tickets, scalpers have essentially figured out how to regenerate specific, genuine tickets that they have legally purchased from scratch onto infrastructure that they control. In doing so, they are removing the anti-scalping restrictions put on the tickets by Ticketmaster and AXS.
Cyber-Attack on Evolve Bank Exposed Data of 7.6 Million Customers
In a statement on Monday, Evolve confirmed the breach includes over 20,000 customers in Maine
Critical Patches Issued for Microsoft Products, July 09, 2024
Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution
Multiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for arbitrary code execution.
Adobe Premiere Pro is a timeline-based and non-linear video editing software application.
Adobe InDesign is a desktop publishing and page layout designing software application.
Adobe Bridge is a free digital asset management application.
Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights
Eldorado Ransomware Strikes Windows and Linux Networks
Group-IB also revealed the ransomware uses Chacha20 and RSA-OAEP for encryption
gopass-hibp-1.15.13-1.fc41
FEDORA-2024-40c0ff79e8
Packages in this update:
gopass-hibp-1.15.13-1.fc41
Update description:
Automatic update for gopass-hibp-1.15.13-1.fc41.
Changelog
* Tue Jul 9 2024 Mikel Olasagasti Uranga <mikel@olasagasti.info> – 1.15.13-1
– Update to 1.15.13 – Closes rhbz#2159125 rhbz#2255098
* Sun Feb 11 2024 Maxwell G <maxwell@gtmx.me> – 1.15.7-4
– Rebuild for golang 1.22.0
freeradius-3.2.5-1.fc39
FEDORA-2024-c395d8fef4
Packages in this update:
freeradius-3.2.5-1.fc39
Update description:
Update to upstream release 3.2.5
Ransomware attack on blood-testing service puts lives in danger in South Africa
A ransomware attack by the BlackSuit gang against South Africa’s National Health Laboratory Service (NHLS) has put lives at risk and created chaos for healthcare services across the country.
Read more in my article on the Hot for Security blog.
A Vulnerability in OpenSSH Could Allow for Remote Code Execution
A vulnerability has been discovered in OpenSSH that could allow for remote code execution. OpenSSH is a suite of secure networking utilities based on the SSH protocol and is crucial for secure communication over unsecured networks. It is widely used in enterprise environments for remote server management, secure file transfers, and various DevOps practices. Successful exploitation of this vulnerability could allow for remote code execution in the context of the unprivileged user running the sshd server. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
freeradius-3.2.5-1.fc40
FEDORA-2024-04ba1ff731
Packages in this update:
freeradius-3.2.5-1.fc40
Update description:
Update to upstream release 3.2.5