RSS Live Feed

Mark Zuckerberg Has Been Added To a DC Lawsuit Over the Cambridge Analytica Scandal

Slashdot - 17 hours 47 minutes ago
District of Columbia Attorney General Karl Racine is adding Facebook CEO Mark Zuckerberg to a lawsuit over the Cambridge Analytica data-mining scandal. From a report: Racine announced the addition on Twitter this morning, saying his investigation had revealed that Zuckerberg was "personally involved in decisions related to Cambridge Analytica and Facebook's failure to protect user data." The 2018 lawsuit accuses Facebook (and now Zuckerberg) of misrepresenting its policies around third-party data access and compromising user privacy with lax protections. The attorney general's office alleges that Facebook violated the Consumer Protection Procedures Act and seeks civil damages for the offense. A judge allowed the case to proceed despite Facebook's efforts to halt it in 2019.

Sinclair Broadcast Hack Linked To Notorious Russian Cybergang

Slashdot - 18 hours 7 minutes ago
A weekend cyberattack against Sinclair Broadcast Group was linked to one of the most infamous Russian cybergangs, called Evil Corp, Bloomberg reports. From the report: The Sinclair hackers used malware called Macaw, a variant of ransomware known as WastedLocker. Both Macaw and WastedLocker were created by Evil Corp., according to the two people, who requested anonymity to discuss confidential matters. Evil Corp. was sanctioned by the U.S. Treasury Department in 2019. Since then, it has been accused by cybersecurity experts of rebranding in an attempt to avoid the sanctions. People in the U.S. are generally prohibited from engaging in transactions with sanctioned entities, including paying a ransom. "Sinclair appears to have been hit by Macaw ransomware, a relatively new strain first reported in early October," said Allan Liska, a senior threat analyst at the cybersecurity firm Recorded Future Inc. "There have not been any other Macaw victims publicly reported."

CVE-2021-21743

Latest 7 days CVE Lists - 18 hours 57 minutes ago
ZTE MF971R product has a CRLF injection vulnerability. An attacker could exploit the vulnerability to modify the HTTP response header information through a specially crafted HTTP request.

CVE-2021-21744

Latest 7 days CVE Lists - 18 hours 57 minutes ago
ZTE MF971R product has a configuration file control vulnerability. An attacker could use this vulnerability to modify the configuration parameters of the device, causing some security functions of the device to be disabled.

CVE-2021-21745

Latest 7 days CVE Lists - 18 hours 57 minutes ago
ZTE MF971R product has a Referer authentication bypass vulnerability. Without CSRF verification, an attacker could use this vulnerability to perform illegal authorization operations by sending a request to the user to click.

CVE-2021-21748

Latest 7 days CVE Lists - 18 hours 57 minutes ago
ZTE MF971R product has two stack-based buffer overflow vulnerabilities. An attacker could exploit the vulnerabilities to execute arbitrary code.

CVE-2021-21749

Latest 7 days CVE Lists - 18 hours 57 minutes ago
ZTE MF971R product has two stack-based buffer overflow vulnerabilities. An attacker could exploit the vulnerabilities to execute arbitrary code.

PayPal Exploring a Purchase of Pinterest, Valuing Social Media Firm at $39 Billion

Slashdot - 19 hours 14 minutes ago
PayPal is exploring an acquisition of social media company Pinterest, Bloomberg News reported on Wednesday. From a report: San Jose, California-based PayPal has recently approached Pinterest about a potential deal, the people said, asking not to be identified because the talks are private. The companies have discussed a potential price of around $70 a share, which would value Pinterest at roughly $39 billion, one of the people said.

Stable kernel updates

lwn.net - 19 hours 36 minutes ago
Stable kernels 5.14.14, 5.10.75, 5.4.155, 4.19.213, and 4.14.252 have been released. They all contain important fixes and users of those series should upgrade.

Security updates for Wednesday

lwn.net - 19 hours 45 minutes ago
Security updates have been issued by Debian (ffmpeg, smarty3, and strongswan), Fedora (udisks2), openSUSE (flatpak, strongswan, util-linux, and xstream), Oracle (redis:5), Red Hat (java-1.8.0-openjdk, java-11-openjdk, openvswitch2.11, redis:5, redis:6, and rh-redis5-redis), SUSE (flatpak, python-Pygments, python3, strongswan, util-linux, and xstream), and Ubuntu (linux, linux-aws, linux-aws-5.11, linux-azure, linux-azure-5.11, linux-gcp, linux-gcp-5.11, linux-hwe-5.11, linux-kvm, linux-raspi and strongswan).

Micron To Build $7 Billion Plant in Japan To Expand DRAM Production

Slashdot - 19 hours 47 minutes ago
U.S. memory chip maker Micron Technology will build a new factory at its Japanese production site in Hiroshima at a cost of 800 billion yen ($7.0 billion), the Nikkan Kogyo newspaper reported on Wednesday. Reuters: The new facility will make DRAM chips, which are widely used in data centres, with production set to begin in 2024, the report said, without citing sources. COVID-19 pandemic stay-at-home demand for electronic devices is causing shortages of non-memory chips that has forced some manufacturers, such as automakers and smartphone makers, to curtail production. That has also reduced sales of DRAM memory chips, but some industry watchers expect demand to rebound helped by an expansion of data centres.

CVE-2021-21746

Latest 7 days CVE Lists - 19 hours 57 minutes ago
ZTE MF971R product has reflective XSS vulnerability. An attacker could use the vulnerability to obtain cookie information.

CVE-2021-21747

Latest 7 days CVE Lists - 19 hours 57 minutes ago
ZTE MF971R product has reflective XSS vulnerability. An attacker could use the vulnerability to obtain cookie information.

CVE-2021-3542

Latest 7 days CVE Lists - 19 hours 57 minutes ago
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-42739. Reason: This candidate is a reservation duplicate of CVE-2021-42739. Notes: All CVE users should reference CVE-2021-42739 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

Bitcoin Hits New All-Time High Above $65K

Slashdot - Wed, 2021/10/20 - 11:45 PM
Bitcoin, the world's largest cryptocurrency by market capitalization, has hit a new all-time high above $65,000. From a report: The crypto broke above its previous high of $64,889 reached in April. Bitcoin is currently changing hands for around $65,607, up 4.2% over the past 24 hours. The latest rally pushed bitcoin's year-to-date terms to 122%, according to CoinDesk data. The largest cryptocurrency appears to have gotten a push on Tuesday from the launch of the ProShares Bitcoin Strategy ETF, the first exchange-traded fund approved by the U.S. Securities and Exchange Commission to invest in bitcoin futures. Indeed, the new fund, traded on the New York Stock Exchange under the ticker $BITO, garnered a first-day trading volume of more than $1 billion, ranking it among the most successful launches of all time.

The Royal Mint To Extract Gold From Old Phones

Slashdot - Wed, 2021/10/20 - 11:10 PM
Gold and precious metals are to be extracted from old phones and laptops by Britain's coin-maker. From a report: The Royal Mint plans to introduce a world-first technology to the UK to recycle gold from electronic waste. Fewer than one fifth of electronic waste ends up being recycled, estimates show. The mint's chief executive Anne Jessopp said the technology would help to "make a genuine impact on one of the world's greatest environmental challenges." The Royal Mint has signed an agreement with Canadian start-up Excir to recover 99% and more of gold from devices' circuit boards. It said the chemistry selectively targets and extracts precious metals from circuit boards in seconds.

How a simple Linux kernel memory corruption bug can lead to complete system compromise (Project Zero)

lwn.net - Wed, 2021/10/20 - 10:20 PM
Over at the Project Zero blog, Jann Horn has a lengthy post on a kernel bug, ways to exploit it, and various ideas on mitigation. While the exploitation analysis is highly detailed, more than half of the post looks at various defenses to this kind of bug.

This blog post describes a straightforward Linux kernel locking bug and how I exploited it against Debian Buster's 4.19.0-13-amd64 kernel. Based on that, it explores options for security mitigations that could prevent or hinder exploitation of issues similar to this one.

I hope that stepping through such an exploit and sharing this compiled knowledge with the wider security community can help with reasoning about the relative utility of various mitigation approaches.

A lot of the individual exploitation techniques and mitigation options that I am describing here aren't novel. However, I believe that there is value in writing them up together to show how various mitigations interact with a fairly normal use-after-free exploit.

CVE-2021-23452

Latest 7 days CVE Lists - Wed, 2021/10/20 - 10:15 PM
This affects all versions of package x-assign. The global proto object can be polluted using the __proto__ object.

New FCC Rules Could Force Wireless Carriers To Block Spam Texts

Slashdot - Wed, 2021/10/20 - 10:00 PM
An anonymous reader quotes a report from Engadget: Under Acting Chairwoman Jessica Rosenworcel, the Federal Communications Commission is seeking to create new rules targeting spam text messages. Like another recent proposed rulemaking from the agency, the policy would push wireless carriers and telephone companies to block the spam before it ever gets to your phone. "We've seen a rise in scammers trying to take advantage of our trust of text messages by sending bogus robotexts that try to trick consumers to share sensitive information or click on malicious links," Rosenworcel said. "It's time we take steps to confront this latest wave of fraud and identify how mobile carriers can block these automated messages before they have the opportunity to cause any harm."
