Saturday, July 20, 2024

InfoSec News Feeds

Packetstorm

  • Debian Security Advisory 5733-1
    on 19 July 2024 at 2:39 PM

    Debian Linux Security Advisory 5733-1 - Multiple security issues were discovered in Thunderbird, which could potentially result in the execution of arbitrary code.

  • Ubuntu Security Notice USN-6896-4
    on 19 July 2024 at 2:39 PM

    Ubuntu Security Notice 6896-4 - It was discovered that the ATA over Ethernet driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the […]

  • Ubuntu Security Notice USN-6898-3
    on 19 July 2024 at 2:39 PM

    Ubuntu Security Notice 6898-3 - Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer dereference. A local attacker could possibly trigger this vulnerability to cause a denial of service. Gui-Dong Han […]

THN

PortSwigger

Security Affaris

  • Russian nationals plead guilty to participating...
    by Pierluigi Paganini on 20 July 2024 at 5:43 AM

    Two Russian nationals pleaded guilty to participating in the LockBit ransomware group and carrying out attacks against victims worldwide. Two foreign nationals, Ruslan Magomedovich Astamirov and Mikhail Vasiliev, pleaded guilty in Newark federal court for their roles in the LockBit ransomware […]

  • MediSecure data breach impacted 12.9 million...
    by Pierluigi Paganini on 19 July 2024 at 9:40 PM

    Personal and health information of 12.9 million individuals was exposed in a ransomware attack on Australian digital prescription services provider MediSecure. MediSecure is a company that provides digital health solutions, particularly focusing on secure electronic prescription delivery services […]

  • CrowdStrike update epic fail crashed Windows...
    by Pierluigi Paganini on 19 July 2024 at 4:10 PM

    Windows machines worldwide displayed BSoD screen following a faulty update pushed out by cybersecurity firm CrowdStrike. A faulty update released by CrowdStrike Falcon is causing Windows systems to display a BSoD screen. The incident is causing widespread global disruptions, impacting critical […]

HackerOne

WeLiveSecurity

TheRegister

  • UK cops arrest teen suspect in MGM Resorts...
    by Jessica Lyons on 19 July 2024 at 10:51 PM

    17-year-old cuffed as FBI says it will 'relentlessly pursue' miscreants around the globe Cops in the UK have arrested a suspected member of the notorious Scattered Spider crime gang, which is accused of crippling MGM Resorts in Las Vegas with ransomware last summer.…

  • Beijing's attack gang Volt Typhoon was a false...
    by Simon Sharwood on 19 July 2024 at 6:09 AM

    Run by the NSA, the FBI, and Five Eyes nations, who fooled infosec researchers, apparently China has wildly claimed the Volt Typhoon gang, which Five Eyes nations accuse of being a Beijing-backed attacker that targets critical infrastructure, was in fact made up by the US intelligence community.…

  • Judge mostly drags SEC's lawsuit against...
    by Jessica Lyons on 18 July 2024 at 10:06 PM

    Russia-invaded software biz 'grateful for the support we have received' A judge has mostly thrown out a lawsuit brought by America's financial watchdog that accused SolarWinds and its chief infosec officer of misleading investors about its computer security practices and the backdooring of its […]

Security Week

  • CrowdStrike Says Logic Error Caused Windows BSOD...
    by Ryan Naraine on 20 July 2024 at 5:15 AM

    CrowdStrike says a routine sensor configuration update pushed to Windows OS triggered a logic error that blue-screened computers worldwide. The post CrowdStrike Says Logic Error Caused Windows BSOD Chaos appeared first on SecurityWeek.

  • Judge Dismisses Major SEC Charges Against...
    by Ryan Naraine on 19 July 2024 at 9:22 PM

    Judge dismissed SEC lawsuit charging SolarWinds and CISO Timothy Brown with hiding security problems before and after the SUNBURST supply chain compromise. The post Judge Dismisses Major SEC Charges Against SolarWinds and CISO  appeared first on SecurityWeek.

  • Recent Splunk Enterprise Vulnerability Easy to...
    by Ionut Arghire on 19 July 2024 at 3:43 PM

    SonicWall warns that a simple GET request is enough to exploit a recent Splunk Enterprise vulnerability. The post Recent Splunk Enterprise Vulnerability Easy to Exploit: Security Firm appeared first on SecurityWeek.

Exploit-DB Updates