Nick Browning discovered that RMagick incorrectly handled memory under
certain operations. An attacker could possibly use this issue to cause
a denial of service through memory exhaustion.
Upcoming Speaking Engagements
This is a current list of where and when I am scheduled to speak:
I’m speaking at eCrime 2024 in Boston, Massachusetts, USA. The event runs from September 24 through 26, 2024, and my keynote is on the 24th.
The list is maintained on this page.
Ransomware kingpin who called himself “J P Morgan” extradited to United States
An investigation dating back almost ten years has seen the extradition this week to the United States of a man suspected to be the head of one the world’s most prolific Russian-speaking cybercriminal gangs.
The UK’s National Crime Agency (NCA) says it has been investigating a cybercriminal using the online handle “J P Morgan” since 2015, alongside parallel investigations run by the United States FBI and Secret Service.
Read more in my article on the Tripwire State of Security blog.
New Phishing Attack Uses Sophisticated Infostealer Malware
The phishing attack uses infostealer malware to target saved passwords, credit cards & Bitcoin info
Manufacturing Firm Loses $60m in BEC Scam
Manufacturing firm Orion revealed it has lost $60m in a business email compromise (BEC) scam, which targeted a non-executive employee
Research Uncovers New Microsoft Outlook Vulnerability
CVE-2024-38173 is a medium severity RCE flaw in Microsoft Outlook, similar to CVE-2024-30103
webkitgtk-2.44.3-1.fc39
FEDORA-2024-e9219d3a6e
Packages in this update:
webkitgtk-2.44.3-1.fc39
Update description:
Fix web process cache suspend/resume when sandbox is enabled.
Fix accelerated images disappearing after scrolling.
Fix video flickering with DMA-BUF sink.
Fix pointer lock on X11.
Fix movement delta on mouse events in GTK3.
Undeprecate console message API and make it available in 2022 API.
Fix several crashes and rendering issues.
The Chinese Communist Party (CCP): A Quest for Data Control
We assess apps owned by the People’s Republic of China (PRC) and the potential threat posed to users. Does the PRC leverage these apps for data collection and influence operations?
Critical Vulnerability Found in Microsoft’s AI Healthcare Chatbot
Tenable detailed two privilege escalation vulnerabilities in the Azure Health Bot Service, one of which has been rated critical
Cyber-Attack Spreads Phishing Scam Across Greater Manchester Areas
A cyber-attack has hit several boroughs across Greater Manchester, England, leaving thousands of residents vulnerable to a phishing scam