USN-5333-1: Apache HTTP Server vulnerabilities

Chamal De Silva discovered that the Apache HTTP Server mod_lua module
incorrectly handled certain crafted request bodies. A remote attacker could
possibly use this issue to cause the server to crash, resulting in a denial
of service. (CVE-2022-22719)

James Kettle discovered that the Apache HTTP Server incorrectly closed
inbound connections when certain errors were encountered. A remote attacker
could possibly use this issue to perform an HTTP Request Smuggling attack.
(CVE-2022-22720)

It was discovered that the Apache HTTP Server incorrectly handled large
LimitXMLRequestBody settings on certain platforms. In certain
configurations, a remote attacker could use this issue to cause the server
to crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2022-22721)

Ronald Crane discovered that the Apache HTTP Server mod_sed module
incorrectly handled memory. A remote attacker could use this issue to cause
the server to crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2022-23943)
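Of the four Apache issues, the LimitXMLRequestBody one (CVE-2022-22721) is the only one where a configuration choice decides whether a given server was ever reachable: the upstream Apache advisory states that the overflow requires a limit above roughly 350 MB on a 32-bit build, while the directive defaults to 1,000,000 bytes. The Python script below is an added example, not part of this advisory or of the Apache project, that scans an httpd configuration for active LimitXMLRequestBody directives and flags those above that threshold on a 32-bit host. The 350,000,000-byte cutoff, the constructed configuration fragment and the function names are assumptions made for illustration; upgrading the package remains the fix, and the scan only tells you whether the pre-upgrade exposure applied to a host.

```python
import re
import sys

# Assumption: cutoff taken from the upstream Apache description of
# CVE-2022-22721 ("larger than 350MB ... on 32 bit systems"). The exact
# boundary is not modelled; anything above this is treated as unsafe.
UNSAFE_LIMIT_BYTES = 350_000_000
DEFAULT_LIMIT_BYTES = 1_000_000  # documented Apache default for the directive

# Directive takes a plain byte count; leading whitespace allowed (vhost/dir blocks).
_DIRECTIVE = re.compile(r"^\s*LimitXMLRequestBody\s+(\d+)\s*$", re.IGNORECASE)

# Constructed httpd.conf fragment for the example (not a real deployment).
SAMPLE_CONFIG = """\
# Constructed httpd.conf fragment for the example (not a real deployment)
ServerName example.internal
LimitXMLRequestBody 10000000          # 10 MB: fine on any platform
<VirtualHost *:80>
    DocumentRoot /var/www/dav
    # an admin raised this to accept huge WebDAV PROPFIND bodies
    LimitXMLRequestBody 2147483647    # ~2 GB: above the 32-bit danger line
</VirtualHost>
#LimitXMLRequestBody 999999999999     # commented out, must be ignored
"""


def find_limit_directives(config_text):
    """Return (line_number, value_in_bytes) for every active directive.

    Comments are stripped first so a commented-out directive is not counted.
    """
    found = []
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        line = raw.split("#", 1)[0]
        m = _DIRECTIVE.match(line)
        if m:
            found.append((lineno, int(m.group(1))))
    return found


def interpreter_is_32bit():
    """Heuristic: only meaningful when run on the same host as httpd."""
    return sys.maxsize <= 2**32


def audit_limit_xml_request_body(config_text, is_32bit=None):
    """Return a list of findings, one per directive that exceeds the cutoff.

    On 64-bit builds the overflow does not apply, so nothing is reported.
    A config with no directive keeps the 1 MB default and is never flagged.
    """
    if is_32bit is None:
        is_32bit = interpreter_is_32bit()
    findings = []
    if not is_32bit:
        return findings
    for lineno, value in find_limit_directives(config_text):
        if value > UNSAFE_LIMIT_BYTES:
            findings.append({
                "line": lineno,
                "value": value,
                "message": (
                    f"LimitXMLRequestBody {value} exceeds {UNSAFE_LIMIT_BYTES} "
                    f"bytes on a 32-bit build (CVE-2022-22721 exposure before "
                    f"patching); default is {DEFAULT_LIMIT_BYTES}"
                ),
            })
    return findings


if __name__ == "__main__":
    # Usage: python3 audit_xml_limit.py /etc/apache2/apache2.conf [--32bit]
    # With no file argument the constructed sample is scanned.
    args = [a for a in sys.argv[1:] if not a.startswith("--")]
    force_32bit = "--32bit" in sys.argv or None
    text = open(args[0]).read() if args else SAMPLE_CONFIG
    for f in audit_limit_xml_request_body(text, is_32bit=force_32bit):
        print(f"line {f['line']}: {f['message']}")
```

Apache also accepts the directive inside .htaccess files and included config fragments, so run the scan over every file the server reads (for example the output of `apachectl -t -D DUMP_INCLUDES` on Ubuntu), not just the main file; the script deliberately reports each occurrence rather than only the last one, because scope decides which value applies to a given request.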

USN-5332-1: Bind vulnerabilities

Xiang Li, Baojun Liu, Chaoyi Lu, and Changgen Zou discovered that Bind
incorrectly handled certain bogus NS records when using forwarders. A
remote attacker could possibly use this issue to manipulate cache results.
(CVE-2021-25220)

It was discovered that Bind incorrectly handled certain crafted TCP
streams. A remote attacker could possibly use this issue to cause Bind to
consume resources, leading to a denial of service. This issue only affected
Ubuntu 21.10. (CVE-2022-0396)

SEC filings show hidden ransomware costs and losses

The ransomware scourge reached unprecedented levels in 2021, with ransomware threat actors demanding, and in many cases receiving, ransom payments in the millions of dollars. The world’s largest meat processor, JBS, confirmed in June 2021 that it paid the equivalent of $11 million in ransom to respond to the criminal hack against its operations.

Colonial Pipeline paid $4.43 million to its ransomware attackers in May 2021, although in a subsequent operation the U.S. Department of Justice (DOJ) seized $2.3 million of that amount. Also in May, backup appliance supplier ExaGrid paid a $2.6 million ransom to the cybercriminals who targeted the company with Conti ransomware.

Preparing for the quantum-safe encryption future

Security experts and scientists predict that quantum computers will one day be able to break commonly used encryption methods, rendering email, secure banking, cryptocurrencies, and communications systems vulnerable to significant cybersecurity threats. Organizations, technology providers, and internet standards will therefore soon be required to transition to quantum-safe encryption. Against this backdrop, NATO has begun testing quantum-safe solutions to investigate the feasibility and practicality of such technology for real-world implementations, while the National Institute of Standards and Technology (NIST) launched a competition to identify and standardize quantum-safe encryption algorithms.

Smashing Security podcast #266: Dick pics, secret spies, and Kaspersky

Germany tells consumers to stop using Kaspersky anti-virus products, OSINT reveals a secret government department (with help from an Apple AirTag), and the UK says it’s taking a hard line on dick pics.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Chris Kirsch.
