Vulnerabilities

BakaNeko · October 15, 2021, 1:41am

FGD135 · October 22, 2021, 4:24pm

FGD135 · October 22, 2021, 4:25pm

After years of complaints from YouTubers, Google has pinpointed the root cause of a series of account hijackings: software sponsorship deals that delivered malware.

[…]

KathyPartdeux · October 26, 2021, 10:03pm

anon61221983 · October 27, 2021, 12:14am

I really hate this trouser leg of time we find ourselves in…

Simon_Clift · November 14, 2021, 1:16am

FGD135 · November 17, 2021, 5:49pm

BakaNeko · November 25, 2021, 1:44am

subextraordinaire · November 25, 2021, 3:39am

Well, this sucks.

politeruin · November 25, 2021, 8:31pm

Paying attention to your email attachments is still sound advice though, don’t open anything you’re not expecting or don’t know. Keeping your eyes open for those filename extensions as well.

FGD135 · December 4, 2021, 10:56am

Utility biz Delta-Montrose Electric Association loses billing capability and two decades of records after cyber attack

A US utility company based in Colorado was hit by a ransomware attack in November that wiped out two decades’ worth of records and knocked out billing systems that won’t be restored until next week at the earliest.

The attack was detailed by the Delta-Montrose Electric Association (DMEA) in a post on its website explaining that current customers won’t be penalised for being unable to pay their bills because of the incident.

[…]

robertmckenna · December 6, 2021, 2:06pm

Does this effect here?

ETA
I knew Little My would bite me in the arse!
:

Simon_Clift · December 6, 2021, 11:45pm

It looks like Gravatar accidentally allows users’ data to be accessed using a sequential index number, instead accessing it only as part of a site that you’re already using. The main danger here, from what I can see, is the ability of the attacker to assemble a big index of users.

Simon_Clift · December 9, 2021, 12:53pm

An “unintended interaction” between the app and Android prevented emergency calls from being placed properly. … Google also warns users running Teams on any Android 10+ device to make sure they’re signed into an account. If you aren’t signed in, uninstall and reinstall the app to prevent your 911 calls from being blocked.

BakaNeko · December 10, 2021, 11:29am

https://www.riotimesonline.com/brazil-news/rio-politics/brazils-health-ministry-website-hacked-overnight-and-is-offline/

RickMycroft · December 11, 2021, 7:29pm

On Thursday, researchers noticed that a popular Java logging library (log4j) had a bug that allows for Remote Code Execution or RCE, hacker lingo for one of the most dangerous types of vulnerabilities, one that essentially allows hackers to take control of the target. GitHub labeled the vulnerability as “critical severity,” and many researchers, as well as the Director of Cybersecurity at the NSA, are sounding the alarm.

RickMycroft · December 11, 2021, 10:25pm

Begun, the patch wars have.

Apache can be affected, but I don’t think that I’m using anything that should touch Java and this library. Still, might as well do an update. (Still on Buster because the Bullseye upgrade is a kind of a mess.)

blondie · December 13, 2021, 3:37am

The Quebec government got on it quickly.

ficuswhisperer · December 14, 2021, 5:18am

Relevant:

Jesse13927 · December 14, 2021, 9:07am

Topic		Replies	Views
Lavabit Redux? links	5	1009	February 18, 2017
UK Snooper's Charter "would put an invisible landmine under every security researcher" boing	3	1115	November 16, 2015
Vulnerability in recorders used by 70+ CCTV systems has been known since 2014 boing	13	1698	March 29, 2016
Crapgadget apocalypse: the IoT devices that punch through your firewall and expose your network boing	19	2509	March 5, 2016
UK schools' "anti-radicalisation" software lets hackers spy on kids boing	11	2073	July 21, 2015

Utility biz Delta-Montrose Electric Association loses billing capability and two decades of records after cyber attack

Related topics