-
Zlib data compressor fixes 17-year-old security bug – patch, errrm, now – Naked Security
You’ve probably heard of Zlib, but even if you haven’t, you’ve almost certainly used it.
Zlib’s unashamedly 1990s-style website describes the product as A Massively Spiffy Yet Delicately Unobtrusive Compression Library (Also Free, Not to Mention Unencumbered by Patents).
Data compression software (and, of course, the matching code to decompress it later) has always been handy to have around, as anyone who has ever used software such as PKZIP, WinRAR, 7-Zip and any of a great number of archiving tools will attest.
As you can imagine, the primary purpose of data compression is to save space, such as reducing the storage capacity needed for backups or cutting down on the bandwidth used for data transfer.
-
Viasat Hack Tied to Data-Wiping Malware Designed to Shut Down Modems | PCMag
Security firm SentinelOne says malware known as AcidRain was likely used to take down Viasat's satellite internet network during Russia's invasion of Ukraine.
-
Google Chrome zero-day bug update shows the benefit of Lacros on a Chromebook
Last week, news made the rounds about a new Google Chrome zero-day bug. Essentially, there is potential for executable code to be injected into your browser. Google Chrome received a patch last week to address this, but Chromebooks had to wait until yesterday. That’s when a Chrome OS 99 Stable Channel update became available. My Chromebook got the Google Chrome update last week though, showing the benefits of the Lacros browser.
-
GitLab issues security fix for easy account takeover flaw • The Register
GitLab on Thursday issued security updates for three versions of GitLab Community Edition (CE) and Enterprise Edition (EE) software that address, among other flaws, a critical hard-coded password bug.
The cloud-hosted software version control service released versions 14.9.2, 14.8.5, and 14.7.7 of its self-hosted CE and EE software, fixing one "critical" security vulnerability (CVE-2022-1162), as well as two rated "high," nine rated "medium," and four rated "low."
-
Lapsus$ extortion gang pulls new heist, say researchers • The Register
The document above contains a log of what looks like the attack on Sitel, and detail a login over RDP followed by a Bing search for "Privilege escalation tools on GitHub" from a compromised machine. There's also evidence of malware downloads, termination of security software processes, and further skulduggery.
-
Two different “VMware Spring” bugs at large – we cut through the confusion
Yesterday, we wrote about a bug in the VMware Spring product, a project we described as “an open-source Java toolkit for building powerful Java apps, including cloud-based apps, without needing to write, manage, worry about, or even understand the ‘server’ part of the process yourself.”
-
VMware Horizon platform pummeled by Log4j-fueled attacks [Ed: How to blame VMware problems on anyone but VMware]
-
Detailed: Critical hijacking bugs that took months to patch in Microsoft Azure Defender for IoT [Ed: Microsoft "Defender" as back doors]
SentinelOne this week detailed a handful of bugs, including two critical remote code execution vulnerabilities, it found in Microsoft Azure Defender for IoT.
These security flaws, which took six months to address, could have been exploited by an unauthenticated attacker to compromise devices and take over critical infrastructure networks.
-
