Vulnerabilities

BakaNeko · October 15, 2021, 1:41am

FGD135 · October 22, 2021, 4:24pm

FGD135 · October 22, 2021, 4:25pm

After years of complaints from YouTubers, Google has pinpointed the root cause of a series of account hijackings: software sponsorship deals that delivered malware.

[…]

KathyPartdeux · October 26, 2021, 10:03pm

Mindysan33 · October 27, 2021, 12:14am

I really hate this trouser leg of time we find ourselves in…

Simon_Clift · November 14, 2021, 1:16am

FGD135 · November 17, 2021, 5:49pm

BakaNeko · November 25, 2021, 1:44am

subextraordinaire · November 25, 2021, 3:39am

Well, this sucks.

politeruin · November 25, 2021, 8:31pm

Paying attention to your email attachments is still sound advice though, don’t open anything you’re not expecting or don’t know. Keeping your eyes open for those filename extensions as well.

FGD135 · December 4, 2021, 10:56am

Utility biz Delta-Montrose Electric Association loses billing capability and two decades of records after cyber attack

A US utility company based in Colorado was hit by a ransomware attack in November that wiped out two decades’ worth of records and knocked out billing systems that won’t be restored until next week at the earliest.

The attack was detailed by the Delta-Montrose Electric Association (DMEA) in a post on its website explaining that current customers won’t be penalised for being unable to pay their bills because of the incident.

[…]

robertmckenna · December 6, 2021, 2:06pm

Does this effect here?

ETA
I knew Little My would bite me in the arse!
:

Simon_Clift · December 6, 2021, 11:45pm

It looks like Gravatar accidentally allows users’ data to be accessed using a sequential index number, instead accessing it only as part of a site that you’re already using. The main danger here, from what I can see, is the ability of the attacker to assemble a big index of users.

Simon_Clift · December 9, 2021, 12:53pm

An “unintended interaction” between the app and Android prevented emergency calls from being placed properly. … Google also warns users running Teams on any Android 10+ device to make sure they’re signed into an account. If you aren’t signed in, uninstall and reinstall the app to prevent your 911 calls from being blocked.

BakaNeko · December 10, 2021, 11:29am

https://www.riotimesonline.com/brazil-news/rio-politics/brazils-health-ministry-website-hacked-overnight-and-is-offline/

RickMycroft · December 11, 2021, 7:29pm

On Thursday, researchers noticed that a popular Java logging library (log4j) had a bug that allows for Remote Code Execution or RCE, hacker lingo for one of the most dangerous types of vulnerabilities, one that essentially allows hackers to take control of the target. GitHub labeled the vulnerability as “critical severity,” and many researchers, as well as the Director of Cybersecurity at the NSA, are sounding the alarm.

RickMycroft · December 11, 2021, 10:25pm

Begun, the patch wars have.

Apache can be affected, but I don’t think that I’m using anything that should touch Java and this library. Still, might as well do an update. (Still on Buster because the Bullseye upgrade is a kind of a mess.)

blondie · December 13, 2021, 3:37am

The Quebec government got on it quickly.

ficuswhisperer · December 14, 2021, 5:18am

Relevant:

Jesse13927 · December 14, 2021, 9:07am

Topic		Replies	Views
Lavabit Redux? links	5	981	February 18, 2017
UK Snooper's Charter "would put an invisible landmine under every security researcher" boing	3	1091	November 16, 2015
Vulnerability in recorders used by 70+ CCTV systems has been known since 2014 boing	13	1666	March 29, 2016
New Vpnfilter analysis: modules attack router owners and target industrial control systems; reinfection still possible, more routers vulnerable boing	14	1165	June 11, 2018
Today only: take an extra 15% off all of the VPNs in the Boing Boing Store boing	4	865	December 1, 2015

Utility biz Delta-Montrose Electric Association loses billing capability and two decades of records after cyber attack

Related Topics