Aggregator

A vulnerability, which was classified as problematic, has been found in Linux Kernel up to 5.4.203/5.10.128/5.15.52/5.18.9. This issue affects the function of_get_devfreq_events/of_get_child_by_name. The manipulation leads to improper update of reference count. The identification of this vulnerability is CVE-2022-49668. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Linux Kernel up to 5.18.1. This affects an unknown part. The manipulation leads to information disclosure. This vulnerability is uniquely identified as CVE-2022-49561. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 5.15.45/5.17.13/5.18.2 and classified as critical. This vulnerability affects the function lpfc_dmp_dbg. The manipulation leads to denial of service. This vulnerability was named CVE-2022-49542. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 5.15.45/5.17.13/5.18.2. Affected by this issue is the function lpfc_handle_fcp_err of the component scsi. The manipulation leads to deadlock. This vulnerability is handled as CVE-2022-49536. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 5.18.2. It has been rated as critical. Affected by this issue is the function lpfc_ignore_els_cmpl. The manipulation leads to memory leak. This vulnerability is handled as CVE-2022-49534. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

俄罗斯政府起草了一项新法律，强制要求莫斯科地区的所有外国人都安装位置跟踪应用。俄罗斯国家杜马主席 Vyacheslav Volodin 宣布了这项新法律提案，形容此举是为了打击移民犯罪，“利用现代技术加强移民监管，将有助于减少该地区的违法犯罪行为。”所有莫斯科地区的外国人都必须在智能手机上安装一款移动应用，向俄罗斯政府提供居住地、指纹、人脸照片以及实时地理位置跟踪。

A vulnerability, which was classified as critical, was found in Linux Kernel up to 5.18.2. This affects the function llpfc_set_rrq_active of the component scsi. The manipulation leads to infinite loop. This vulnerability is uniquely identified as CVE-2022-49504. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Linux Kernel up to 5.18.2. Affected by this vulnerability is the function dpu_runtime_resume. The manipulation leads to null pointer dereference. This vulnerability is known as CVE-2022-49489. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 5.18.3. It has been declared as critical. Affected by this vulnerability is the function for_each_child_of_node. The manipulation leads to improper update of reference count. This vulnerability is known as CVE-2022-49351. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 5.4.197/5.10.120/5.15.45/5.17.13/5.18.2. This affects the function bfq_group. The manipulation leads to use after free. This vulnerability is uniquely identified as CVE-2022-49411. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Linux Kernel up to 5.18.2. This affects an unknown part. The manipulation leads to null pointer dereference. This vulnerability is uniquely identified as CVE-2022-49335. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 5.18.3 and classified as critical. Affected by this issue is the function ieee80211_beacons_stop of the component rtl8192u. The manipulation leads to deadlock. This vulnerability is handled as CVE-2022-49305. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 5.17.0. This affects the function ieee80211_leave_mesh of the component mac80211. The manipulation leads to memory corruption. This vulnerability is uniquely identified as CVE-2022-49290. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 5.17.1. It has been classified as critical. Affected is the function amdgpu_dm_connector_add_common_modes of the component AMD Display. The manipulation leads to null pointer dereference. This vulnerability is traded as CVE-2022-49232. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

69% of global respondents to a Jumio survey say AI-powered fraud now poses a greater threat to personal security than traditional forms of identity theft. This number rises to 74% in Singapore, with 71% also indicating that AI-generated scams are harder to detect than traditional scams. Rising AI concerns erode digital trust 69% of global consumers indicated they are more skeptical of the content they see online due to AI-generated fraud than they were last … More →

The post Digital trust is cracking under the pressure of deepfakes, cybercrime appeared first on Help Net Security.

Deal Aims to Target Identity and AI Risks, SaaS Blind Spots With Unified Security
By acquiring Suridata, Fortinet plans to introduce SaaS Security Posture Management to its SASE platform. The update provides end-to-end visibility into SaaS apps, identity threats and AI plugin misuse, making SSPM a vital control plane in cloud-first security strategies.

Also: Signal Blocks Recall, Europe Sanctions Stark Industries
This week, Qakbot leader indicted, Signal blocked Recall and a judge said Trump illegally removed watchdogs. Ivanti and Palo Alto hacks linked, Stark Industries sanctioned, Marks and Spencer's hack costs 300M pounds. Pro-Ukraine hackers hit a Russian clinic and an outbreak of PureRAT in Russia.

Hacker Demanded $20M Ransom to Delete Stolen Personal, Financial Information
A months-long data breach led to the theft of personal and financial information of nearly 70,000 Coinbase customers. Coinbase said the breach dates back to December and was aided by bribery schemes targeting the company's overseas customer support agents.

DanaBot Used to Steal and to Spy
A top figure in the Russian cybercrime gang behind DanaBot infected his own computer with the malware, allowing an FBI agent to search an image of his system, U.S. federal prosecutors disclosed Thursday in indictments and an announced disruption of the malware's infrastructure.