Tux Machines
Posted by Roy Schestowitz on Nov 22, 2022
=> ↺ CVE-2021-33621: HTTP response splitting in CGI
We have released the cgi gem versions 0.3.5, 0.2.2, and 0.1.0.2, which have a security fix for an HTTP response splitting vulnerability. This vulnerability has been assigned the CVE identifier CVE-2021-33621.
=> ↺ Security Researchers Looking at Mastodon as Its Popularity Soars | SecurityWeek.Com
Cybersecurity researchers are increasingly looking at Mastodon now that the decentralized social media platform’s popularity has soared, and they have started finding vulnerabilities and other security issues.
After Elon Musk acquired Twitter, he made a series of significant changes, including firing staff and modifying features, which have had a negative impact on the platform’s security. This has led to a Twitter security chief resigning and the FTC saying that they were deeply concerned.
=> ↺ Security updates for Tuesday [LWN.net]
Security updates have been issued by Debian (ntfs-3g), Fedora (krb5 and samba), Gentoo (firefox-bin, ghostscript-gpl, pillow, sudo, sysstat, thunderbird-bin, and xterm), Red Hat (firefox, hsqldb, and thunderbird), SUSE (cni, cni-plugins, and krb5), and Ubuntu (isc-dhcp and sqlite3).
=> ↺ Microsoft feedback product being exploited to send phishing links
In a statement, researchers from Avanan, a company owned by Check Point Software, said the attackers were using Microsoft Dynamics 365 Customer Voice to send these links.
The company claimed to have seen a dramatic increase in these attacks in recent weeks, with attackers using spoofed scanner notifications to send malicious files. However, when asked to quantify "dramatic increase", Avanan could not offer any specifics.