So, you want to buy NFTs. You've read the stories about people getting immensely rich with them or cryptocurrency, and think — why not me? Well, "You thought wrong" was a working title for this article, but it'll be a long while before we reach this conclusion. The NFT ecosystem is fairly complex in itself, and the technologies it involves are built on top of others. And understanding what NFTs are, unfortunately, requires establishing some base knowledge. For this reason, this article is divided into three parts, ordered by increasing level of abstraction. In the first part, we'll talk about blockchain and the general ideas behind cryptocurrency. This will allow us to dive into the NFT ecosystem in the second part, before finally studying the societal and political impacts of this industry.

Blockchain technology

While blockchains can hardly be considered new technology in 2022, I'm always surprised to discover how limited most people's understanding of them is. If you already know what blockchain is, feel free to skip this section. If you don't know, while you were really considering getting rich off of cryptocurrencies, this should probably be your first red flag — were you really hoping to earn money from entities whose core concept totally eludes you?

For the sake of brevity and clarity, the following introduction will involve a number of oversimplifications, but hopefully it will be good enough to understand the one aspect that I'll keep coming back to: what problem blockchains were created to solve in the first place.

Blockchains are distributed ledgers. In other words, they're a way of storing data in a distributed fashion.
On paper, this doesn't seem groundbreaking at all: the IT world has been using distributed databases for a long time to allow companies to replicate and synchronize data across multiple locations. But these locations are usually controlled by a single, trusted entity (that is, a company). Blockchains have an additional property: they can be distributed among many entities that don't necessarily trust each other.

To illustrate why this is needed, consider Bitcoin — the cryptocurrency that was the first successful application of blockchain technology. Bitcoin was designed as a monetary system that wouldn't need any central authority to operate. It's a distributed database that contains information about who owns how much, and this database gets updated every time transactions take place.

In my experience, the distributed data storage aspect of blockchains is usually well understood. Most people have a good grasp of the idea of blocks of information chained together, containing a checksum (or cryptographic hash, called H in the example below) to attest the integrity of the previous link.

[Figure: A sample chain of blocks]

Since all the participants of the network need to have a consistent copy of the blockchain, there are a number of security challenges to address. What prevents you from updating this distributed database with a record that says you now own 10,000 BTC? After all, since there's no central authority, your word is as good as that of any other network participant. Or, an even better idea: is there a way you could spend your money twice by sending multiple transaction orders before the information has had time to spread across all copies of the ledger?

The technical answers to these problems matter less than their consequence: blockchains are as much a means of distributed storage as they are consensus-building algorithms.
I want to reiterate this point, because it's so crucial to understanding blockchains: what they actually bring to the table is their ability to consistently share information between multiple untrusted parties who have a direct financial incentive to poison it with false data.

Cryptocurrencies (are not currencies)

So here we are, armed with a nice data-sharing tool. Finding applications for it, as we'll see, turns out to be a much more difficult task than you might think.

In 2009, an unknown individual (or group of individuals) using the moniker Satoshi Nakamoto released the first public version of the Bitcoin client, following a whitepaper a year before. The idea behind Bitcoin was to create a purely digital, peer-to-peer currency system that would be able to function without banks — central or otherwise — and without the support of any state.

In the context of Bitcoin, the ledger acts as a record of all existing coins in the system, where each block represents a number of transactions. The bitcoins move around wallets (the rough equivalent of a bank account); users can prove ownership of their wallets using public-key cryptography, and this gives them the right to send their money to others.

On paper, the idea sounds solid. But does it work? While there are many facets involved in answering this question, we may simply begin by looking at today's practical uses of Bitcoin, which, to date, remains the foremost crypto-asset. The first recorded purchase of physical goods with cryptocurrency (a pizza for 10,000 BTC in 2010) was perceived as an encouraging sign that such payments would one day become the norm. More than a decade later, the fact of the matter is — it didn't happen. Many vendors, including Tesla, Microsoft, Steam and Dell, all tried to accept Bitcoin at some point, before giving up for various reasons: low demand, instability of the exchange rates, or even concerns about the ecological impact (more on that later). As far as currencies go, Bitcoin has failed.
I expect that many cryptocurrency proponents would dispute that statement, but let's face the facts:

- It's almost impossible to find stores that accept Bitcoin.
- Validation delays for transactions are prohibitive. If you were to go to a store intending to pay with Bitcoin, you'd have to wait at least ten minutes before you could leave.
- Bitcoin payments incur transaction fees (fees given to the participants of the network as payment for confirming transactions). They are currently relatively low, in the order of $1 per transaction, but reached almost $60 during the 2017 boom.

Long story short, even if you were to find… a bakery willing to give you a baguette in exchange for Bitcoin, you'd both clog the line for a long time and end up paying twice as much for your bread as its retail price. There are only a limited number of use-cases where none of these issues apply, and they can pretty much be reduced to buying drugs and paying ransoms — both of which have debatable social utility.

Still, Bitcoin being a dreadful payment system doesn't mean it hasn't accomplished anything: people are currently willing to pay over $23,000 for 1 BTC… So it must have some use, right? Polling cryptocurrency enthusiasts you may know, you'll soon discover that almost none of them purchased Bitcoin to spend it (at least, not for the purposes they'd be willing to admit), but instead with every intent to resell it at a profit. The number one reason why people buy Bitcoin is speculation: while the project failed as a currency, it greatly exceeded expectations as a gambling system. Don't get me wrong, I've nothing against gambling; it's just that confusing it with anything else usually leads to financial ruin. Still, if we established at the very beginning that your aim in all this is to get filthy rich — no problem here: we're still on the right track! If there's one thing the cryptocurrency world loves, it's a line going upwards.
[Figure. Source: Cambridge Bitcoin Electricity Consumption Index]

Criticism of Bitcoin doesn't end there. One of the major arguments against it is how dreadfully inefficient the network really is. It can only handle three to seven transactions per second (TPS), as opposed to actual payment processors such as Visa and MasterCard (1700 and 5000 TPS, respectively, with a maximum capacity way beyond that). Ethereum, another major blockchain, reports 15-25 TPS on average — slightly better but still light-years away from any form of scalability.

Those numbers could be overlooked if the cost for reaching those measly 3-7 TPS wasn't so unbelievably high. Each transaction requires a power consumption of over 2000 kWh, totaling an estimated 89 terawatt-hours (TWh) for 2022 (live statistics can be found here). Compare that with MasterCard's 0.000109 TWh consumed in all of 2019, while keeping in mind that they could do a thousand times more with that energy. Now compare that with the 2021 consumption of France (441 TWh) or Germany (503 TWh), and try not to think too much about the fact that Europe is in the middle of a major energy crisis [1].

[1] Counter-arguments from blockchain enthusiasts related to these problems are studied in the next section.

The cause of this absurd energy consumption is a mechanism called proof-of-work. I mentioned earlier how blockchains need to provide a certain number of guarantees — one of which is the fact that malicious actors cannot inject false information into the ledger. To prevent this from happening, each block added to the chain needs to be validated by the network. This process involves having participants of the network compete to solve a complex problem [2]; the underlying idea being that no attacker would ever be able to waste enough computing power (that is, energy) to outperform the rest of the participants. Here's an example of the kind of hardware you need for a decent shot at a solution:

[2] Whoever finds the solution to the problem first receives a reward (currently, 6.25 BTC). This process is called mining and this is how new currency appears in the system. If not for this reward mechanism, nobody would have an incentive to help validate transactions and the whole system would crumble.

[Figure: A 2500 GPU mining farm [3]]

[3] Graphics cards are very efficient at the type of operations mining involves, and are the primary hardware components used by miners. Their demand incidentally drove a worldwide shortage we're still struggling with.

A short masterclass in wishful thinking

Proponents of cryptocurrencies are quick to point out that many (if not all) of the problems outlined in this first section are related to poor design choices made during Bitcoin's inception, and that blockchains in 2022 are not what they were in 2010. You'll have no doubt noticed how I keep referring to blockchains — plural. That's because many exist today, each implemented with different properties in mind. In light of this, here are the two main counter-arguments routinely offered:

- There are alternatives to wasteful proof-of-work algorithms, such as proof-of-stake ones [4];
- Research is ongoing to improve the number of transactions-per-second handled by blockchains, possibly via so-called Layer 2 protocols like Lightning [5].

[4] Proof-of-stake algorithms will be discussed in more detail in another section of this article, as they trade energy consumption issues for worsened governance problems.

[5] Lightning is a protocol built on top of Bitcoin, relying on smart contracts to open payment channels between users (at the cost of immobilizing some capital). A system loosely comparable to balance sheets allows users to transfer money among themselves until they decide to cash out, at which point the resulting transaction gets committed to the blockchain. Ironically, the solution offered to blockchain inefficiency by these L2 protocols usually involves taking transactions outside of the blockchain, or worse: giving up on decentralization.

And those proponents seem to be right: blockchains don't have to be as dreadful at what they do as Bitcoin, and the whole technology can still be argued to be in its infancy. There's no doubt in my mind that they can be improved dramatically.

Unfortunately… none of this matters. The history of sciences teaches us that the diffusion of technologies, no matter how groundbreaking they are, takes dozens of years at best. Case in point: no matter what cool new blockchains are designed this year, Bitcoin and Ethereum are still the dominant ones, and it's unlikely this will change in the foreseeable future. Even though the major players might integrate new contributions to the field (such as Ethereum ditching proof-of-work algorithms), this will only happen on a case-by-case basis, over long periods of time, and within a limited scope. In other words, barring a major ecosystem overhaul of cataclysmic proportions, the current blockchains and all their problems (including some I'm not getting into here [6]) will persist in a more or less identical fashion.

[6] Most of the remaining discussion on cryptocurrency challenges revolves around the privacy guarantees they offer (not that many in the case of Bitcoin). My feeling is that such considerations don't matter too much in the grand scheme of things now that we've established that cryptocurrencies can't be used to purchase anything anyway.

The broken libertarian promise

The final nail in the coffin, however, comes from a very unexpected angle, and with a blunt force that reduces everything discussed so far to meaningless dust. Decentralization, as I insisted heavily in my introduction to blockchains, is cryptocurrency's raison d'être.
Its most adamant defenders may go as far as saying that all the costs and impracticalities laid out above are the price they're willing to pay for peer-to-peer payments that genuinely eschew the need for trusted third-parties. Watch the four-minute Declaration of Bitcoin's Independence [7] (here's the transcript for those who prefer reading over viewing) and see if you can spot the anti-establishment language.

[7] The folks in this video may not represent the official position of Bitcoin's current maintainers (if they even have one), but are representative of views shared by many in the cryptocurrency community.

Here's my point: if cryptocurrencies don't offer proper decentralization — a genuine alternative to state-monitored, bank-controlled payment systems — they might as well not exist at all. What would centralized cryptocurrencies be then, if not a much worse way of providing a service already handled by Visa and MasterCard?

Brace yourself for an uncomfortable truth: blockchains aren't really decentralized after all. And this is true on many levels. Using Bitcoin as an example again, you'll remember that due to proof-of-work, users need to be able to provide tremendous amounts of computing power to participate in the network. Do you own a GPU farm like the one shown in the picture above? If not, it's highly unlikely you'll ever be able to validate a transaction. To make things worse, big players, who are rewarded for being the first to validate a transaction, increase their chances by pooling their resources together, leading to even further concentration of the processing power of Bitcoin.

[Figure: Hashrate distribution in the Bitcoin network]

The diagram above shows that at the time of this writing, more than half of transactions on the Bitcoin network are handled by just five entities. Ethereum seems to be in a similar predicament.
If one of these entities were to reach 51% of the share, it would be a disaster because — remember — blockchains are in large part consensus protocols. There's no point in consensus when someone has the majority: they can just decide whatever they want. Admittedly, we don't appear to be anywhere near that point, so Bitcoin and Ethereum are still technically decentralized. But we're also very far from the original peer-to-peer ideal: there's no way for you, as a newcomer, to meaningfully participate in the network. And where any decisions need to be taken concerning the future of these blockchains, it's obvious that these entities' voices will matter more than yours.

Proof-of-stake algorithms, alluded to previously, propose to replace the very wasteful proof-of-work schemes by basing validation not on the raw energy you can leverage, but on the amount of currency you can offer as collateral. While there's no question that the planet will be better off, it's also very obvious that such algorithms place power in the hands of a limited number of wealthy individuals you cannot ever hope to join. To no-one's surprise, Silicon Valley's self-proclaimed libertarian tendencies have given birth to a variation of late-stage capitalism (where they're at the top).

A good illustration of this issue is Ethereum's planned switch to a proof-of-stake algorithm later this year. It's not a decision I'm criticizing, considering how much energy it will end up saving. However, one cannot help but notice that a crypto-aristocracy changes the rules of the game that apply to everyone — in a way that will arguably consolidate their power over the ecosystem as a whole [8].

[8] More information about Ethereum's decision process can be found here. It's stated there that Ethereum governance happens off-chain with a wide variety of stakeholders involved in the process.

But wait… There's more!
Trail of Bits also has an excellent research paper titled Unintended centralities in distributed ledger, detailing other technical challenges to decentralization in blockchains [9]:

- The number of entities needed to disrupt the network is a lot lower than you'd expect;
- Blockchain developers concentrate a disproportionate amount of power, which can only be contested through highly disruptive forks.

[9] You may also be interested in this 2019 article containing mathematical proof of the impossibility of full decentralization in permissionless blockchains.

Overall, blockchains are (strictly speaking) decentralized in the sense that they're not controlled by a single entity, yet they're very much centralized in practice due to the fact that a few entities hold most of the power.

Basically — backdoor banking

So we've established that blockchains aren't really decentralized after all. But what about the cryptocurrency industry? Is it truly composed of die-hard activists aiming to free humanity from the thrall of corrupt states, as advertised on the label?

A quick survey of the biggest names in the cryptocurrency field says hell no. Elon Musk, Peter Thiel, Jack Dorsey and the Winklevoss brothers, to name a few, are all purported to have invested massively into cryptocurrencies. Do tech billionaires harbor a secret agenda to give power back to the people? That's unlikely: I doubt that the richest 1% of people in the world have much interest in toppling the overall capitalist framework from which they are benefiting so much.

Let's take a look at the broader picture. Say, after all this, you still want to buy Bitcoin. How do you get some? Odds are, you'll look for an online exchange that will turn your hard-earned dollars into the cryptocurrency of your choice [10]. These platforms act as the gatekeepers to the cryptocurrency world. They'll ask for a copy of your passport, verify your identity to comply with state regulations, and you'll then be able to deposit money via wire transfer or credit card. You can then use your balance on the platform to purchase cryptocurrency — for a fee of course.

[10] Yes, there are ways to set up a meeting with private sellers and perform the exchange offline, but we all know you're not going to do that. In any case, this only represents a marginal fraction of all transactions.

There are many platforms you can choose from, but looking at their partners paints a worrying picture:

- Bitstamp is in bed with the French bank Crédit Agricole;
- FTX, which famously advertised during the Super Bowl, appears to be in talks with Goldman Sachs;
- Coinbase received a $10.5M investment from the Bank of Tokyo.

I could go on. But why would banks actively fund a technology whose ideological bedrock is to make them obsolete? The answer is, obviously, that it isn't the case. Banks have recognized cryptocurrencies for the speculative vehicle that they are and have put themselves in a position to both join the party and act as intermediaries when you do too — because… well, there's money to be made.

[Figure: A typical cryptocurrency purchase]

The icing on the cake is the way that such exchanges work under the hood. As it turns out, when you purchase cryptocurrencies, platforms simply update your balance in their local database — because, again, using the blockchain would be too expensive and slow! Many cryptocurrency traders have never, in fact, sent out a single transaction to the blockchain, because all they do is convert back and forth between currencies to profit from fluctuating exchange rates… and these operations occur locally.

And this is where we come full-circle: access to the cryptocurrency world can only be achieved through a handful of corporations, which essentially keep track of how much (crypto-)money you own until you decide to withdraw it. If this isn't the exact definition of the banking industry we wanted to escape in the first place (and rebuilt with their funding and guidance, no less), I don't know what is.
Conclusion

This certainly was a long ride — yet, incredibly, things only go downhill from here. While the broader subject I wanted to address was NFTs, it's impossible to understand their grave misgivings without having a decent grasp of the dumpster-fire of a foundation they're built upon. In the interest of clarity, let me sum up the key points established up to now:

- Blockchains, as a technology, are consensus-building algorithms stapled onto distributed databases. They're very inefficient at what they do, which they compensate (allegedly) by being decentralized.
- Cryptocurrencies were initially designed as an alternative to real-world currencies — a goal they have miserably failed to reach. They immediately degenerated into highly volatile speculative assets and have served zero practical purpose ever since. Blockchains remain a solution in search of a problem.
- The core promise of decentralization hasn't even been fulfilled, which deals a fatal blow to the whole endeavor. Centralized cryptocurrencies are just digital banking and we already had that, only better implemented in every imaginable aspect. But we got there under the guise of building the conceptual opposite, which, in retrospect, was worth it for the sheer irony.

In the next episode: Ethereum's smart contracts, non-fungible tokens, and the subtle art of making incredibly unique jpeg images on an industrial scale. Stay tuned!
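
The hash-linked chain and the proof-of-work mechanism described in the article can be made concrete with a toy ledger. This is an added example, not code from the article or from Bitcoin: the block layout, the function names, the 12-bit difficulty and the sample transactions are assumptions constructed for illustration. It shows that the hash H on its own only detects an edit, while proof-of-work is what makes rewriting history cost something.

```python
import hashlib
import json

GENESIS_PREV = "0" * 64
DIFFICULTY_BITS = 12  # assumed toy difficulty; real networks use far more


def block_hash(block):
    """H: SHA-256 over the block's contents, including the previous block's hash."""
    fields = {k: block[k] for k in ("index", "prev_hash", "transactions", "nonce")}
    return hashlib.sha256(json.dumps(fields, sort_keys=True).encode()).hexdigest()


def meets_target(digest_hex, bits):
    """True when the top `bits` bits of the digest are zero."""
    return int(digest_hex, 16) >> (256 - bits) == 0


def mine(block, bits):
    """Try nonces until H meets the target; return how many hashes it took."""
    block["nonce"] = 0
    attempts = 1
    while not meets_target(block_hash(block), bits):
        block["nonce"] += 1
        attempts += 1
    block["hash"] = block_hash(block)
    return attempts


def build_chain(tx_batches, bits):
    """Mine one block per batch, each committing to its predecessor's hash."""
    chain, prev = [], GENESIS_PREV
    for index, txs in enumerate(tx_batches):
        block = {"index": index, "prev_hash": prev, "transactions": txs}
        mine(block, bits)
        chain.append(block)
        prev = block["hash"]
    return chain


def first_invalid(chain, bits):
    """Index of the first block that fails verification, or None if all pass."""
    prev = GENESIS_PREV
    for block in chain:
        digest = block_hash(block)
        if (block["prev_hash"] != prev or digest != block["hash"]
                or not meets_target(digest, bits)):
            return block["index"]
        prev = digest
    return None


def rewrite_from(chain, index, new_txs, bits):
    """Replace block `index`, then redo the work for it and every later block.

    Returns (forged_chain, total_hash_attempts); the input chain is not modified.
    """
    forged = [dict(b) for b in chain]
    forged[index]["transactions"] = new_txs
    prev = forged[index - 1]["hash"] if index else GENESIS_PREV
    cost = 0
    for block in forged[index:]:
        block["prev_hash"] = prev
        cost += mine(block, bits)
        prev = block["hash"]
    return forged, cost


# Constructed sample ledger (not real transactions).
SAMPLE_BATCHES = [
    ["coinbase -> alice: 50"],
    ["alice -> bob: 10"],
    ["bob -> carol: 4"],
    ["carol -> alice: 1"],
]
FALSE_RECORD = ["alice -> mallory: 10000"]  # the "I now own 10,000 BTC" edit

if __name__ == "__main__":
    chain = build_chain(SAMPLE_BATCHES, DIFFICULTY_BITS)
    edited = [dict(b) for b in chain]
    edited[1]["transactions"] = FALSE_RECORD
    print("in-place edit rejected at block", first_invalid(edited, DIFFICULTY_BITS))

    for bits in (0, DIFFICULTY_BITS):
        base = build_chain(SAMPLE_BATCHES, bits)
        forged, cost = rewrite_from(base, 1, FALSE_RECORD, bits)
        ok = first_invalid(forged, bits) is None
        print(f"{bits:2d}-bit target: rewritten chain verifies={ok}, hashes spent={cost}")
```

A fully re-mined chain still verifies in isolation, which is why the article's point about consensus matters: the rewrite only fails in practice as long as the rest of the network keeps extending the honest chain faster than one party can redo the work.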
The CISA and the FBI published a joint advisory delineating tactics used by the Zeppelin ransomware group to target large organizations in Europe and the U.S. and demand large ransom payments. The FBI urges IT admins who identified Zeppelin ransomware activity within their networks to collect and share any type of related information to their local FBI Field Office.
In the past 30 days, Wordfence researchers saw 16 attack types that triggered more than 85 different firewall rules across protected websites with Ukrainian top-level domains.
Palo Alto Networks has released a security update to address a security flaw in PAN-OS firewall configurations that an attacker may remotely abuse to conduct a reflected denial-of-service. To prevent exploitation, users are suggested to remove the URL filtering policy and enable a security feature between packet-based attack protection and flood protection on the firewalls.
The researchers also reported another trend where multiple threat actors, including the APT29 group, are taking advantage of the self-enrollment process for MFA in Azure Active Directory and other platforms.
A new online tool named 'InAppBrowser' lets you analyze the behavior of in-app browsers embedded within mobile apps and determine if they inject privacy-threatening JavaScript into websites you visit.
The view from the U.S. government: Patch now; don't wait. "An attacker could exploit one of these vulnerabilities to take control of an affected device," warns the Cybersecurity and Infrastructure Security Agency.
The Avanan researchers call the method of using legitimate services as a piggyback to land in the inbox "the Static Expressway." Usually, email services use static "allow" and "block" lists to determine if an email's content is safe or not.
Chinese threat actors backdoored a version of MiMi, a cross-platform messaging app, to compromise Windows, Linux, and Mac systems by installing HyperBro and rshell malware. The malware has been associated with APT27 based on overlapping infrastructure using the same IP address range and TTPs.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) this week added seven new flaws to its Known Exploited Vulnerabilities Catalog, including a critical SAP security vulnerability tracked as CVE-2022-22536.
BleepingComputer was able to successfully reproduce the experiment using different ZIP programs. We used both p7zip (7-Zip equivalent for macOS) and another ZIP utility called Keka.
The threat actors offer Android-based and PC-based versions of RAT, along with HVNC module and exploit builder to weaponize Microsoft Office and Adobe PDF documents to deliver malicious code.
While the phishing message attached to the invoice is somewhat awkwardly worded, there are many convincing aspects of this hybrid scam. For starters, all of the links in the email lead to paypal.com.
Fortinet announced the latest semiannual FortiGuard Labs Global Threat Landscape Report which revealed that ransomware threat continues to adapt with more variants enabled by Ransomware-as-a-Service (RaaS).
Trojanized crypto-currency miners, also known as cryptojackers, continue to spread across computers around the world, while also becoming stealthier and increasingly avoiding detection.
A Russian national accused of laundering proceeds from Ryuk ransomware pleaded not guilty during his first U.S. court appearance Wednesday after extradition from the Netherlands.
SynSaber has raised $13 million in Series A funding. SYN Ventures led the round with participation from additional investors, including Rally Ventures and Cyber Mentor Fund.
The zero-day flaw, which concerned a bug in the Crypto Application Server (CAS) admin interface, has been mitigated in two server patch releases, 20220531.38 and 20220725.22.
Cybersecurity concerns represent the most serious risk facing organizations, beating inflation, talent acquisition/retention, and rising production costs, according to a new PwC study.
These malicious software packages are largely typosquatted variants of widely-used libraries and each one of them downloads a Bash script on Linux systems that run cryptominers.
Back in early 2020, secure mail provider ProtonVPN reported a flaw in Apple’s iOS version 13.3.1 that prevented VPNs from encrypting all traffic. The issue was that the operating system failed to close existing connections.
A security researcher was able to hack into Starlink using $25 worth of off-the-shelf circuit board. To carry out the hack, a voltage fault injection attack was performed on a Starlink User Terminal (UT) or a satellite dish that people use to access the system. SpaceX has already responded to the researcher’s presentation with a six-page paper published online.
Researchers have disclosed multiple vulnerabilities impacting Ultra-wideband (UWB) Real-time Locating Systems (RTLS), enabling threat actors to launch adversary-in-the-middle (AitM) attacks and tamper with location data.
HC3 has observed a “marked increase” in vishing attacks in the last year. The method is used by advanced persistent threat groups or state-sponsored actors, leveraging voice-changing software to trick victims into installing malware.
ChromeOS is considered secure compared to legacy Windows and MacOS, but Microsoft recently discovered a nasty, remotely exploitable bug in ChromeOS's audio server with a severity score of 9.8 out of 10.
“This kind of partnership in cybersecurity is essential in today’s world as it expands our reach and capabilities,” said Director of the Croatian Security and Intelligence Agency Daniel Markić.
Founded in 1891, Sferra designs and sells Italian-made luxury linen products, including luxury sheets, table linens, and bedding collections, as well as decorative home accessories.
The company offers security gateways, endpoint agents, and network segmentation solutions designed to help organizations secure, control, and monitor equipment and operational technology (OT).
A cybersecurity analysis of hundreds of media industry vendors showed that many companies are slow to patch critical vulnerabilities, according to MDR and third-party risk management provider BlueVoyant.
This Metasploit module exploits vulnerabilities within the ChainedSerializationBinder as used in Exchange Server 2019 CU10, Exchange Server 2019 CU11, Exchange Server 2016 CU21, and Exchange Server 2016 CU22 all prior to Mar22SU. Note that authentication is required to exploit these vulnerabilities.
Ubuntu Security Notice 5575-1 - Nicolas Gregoire discovered that Libxslt incorrectly handled certain XML. An attacker could possibly use this issue to expose sensitive information or execute arbitrary code. This issue only affected Ubuntu 18.04 LTS. Alexey Neyman discovered that Libxslt incorrectly handled certain HTML pages. An attacker could possibly use this issue to expose sensitive information or execute arbitrary code.
Red Hat Security Advisory 2022-6119-01 - The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes.
Ubuntu Security Notice 5574-1 - It was discovered that Exim incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or execute arbitrary code.
Gentoo Linux Security Advisory 202208-34 - Multiple vulnerabilities have been discovered in Apache Tomcat, the worst of which could result in denial of service. Versions less than 8.5.82:8.5 are affected.
Gentoo Linux Security Advisory 202208-35 - Multiple vulnerabilities have been found in Chromium and its derivatives, the worst of which could result in remote code execution. Versions less than 104.0.5112.101 are affected.
Gentoo Linux Security Advisory 202208-33 - A vulnerability has been found in libcroco which could result in denial of service. Versions less than 0.6.13 are affected.
Gentoo Linux Security Advisory 202208-32 - Multiple vulnerabilities have been discovered in Vim, the worst of which could result in denial of service. Versions less than 9.0.0060 are affected.
There is a buffer overflow in how AppleAVD.kext parses the ref_pic_list_modification component of H264 slice headers in AVC_RBSP::parseSliceHeader. When pic modification entries are copied into the pic modification list, the loop only terminates when the end code (3) is encountered, meaning that any number of entries can be copied into the fixed size modification buffer. This can corrupt the remainder of the decoder structure, as well as write outside of allocated memory.
There is an out-of-bounds write vulnerability when decoding a certain flavor of RAW image files on macOS. The vulnerability has been confirmed on macOS 12.3.1. Although the advisory notes an attached poc, Google did not have one attached.
Bitcoin ATM manufacturer General Bytes confirmed that it was a victim of a cyberattack that exploited a previously unknown flaw in its software to plunder cryptocurrency from its users. "The attacker was able to create an admin user remotely via CAS administrative interface via a URL call on the page that is used for the default installation on the server and creating the first administration
Atlanta-based cyber risk intelligence company, Cyble discovered a new Remote Access Trojan (RAT) malware. What makes this particular RAT malware distinct enough to be named after the comic creation of Sacha Baron Cohen? RAT malware typically helps cybercriminals gain complete control of a victim's system, permitting them to access network resources, files, and power to toggle the mouse and
Researchers have disclosed multiple vulnerabilities impacting Ultra-wideband (UWB) Real-time Locating Systems (RTLS), enabling threat actors to launch adversary-in-the-middle (AitM) attacks and tamper with location data. "The zero-days found specifically pose a security risk for workers in industrial environments," cybersecurity firm Nozomi Networks disclosed in a technical write-up last week. "
Budget Android device models that are counterfeit versions associated with popular smartphone brands are harboring multiple trojans designed to target WhatsApp and WhatsApp Business messaging apps. The trojans, which Doctor Web first came across in July 2022, were discovered in the system partition of at least four different smartphones: P48pro, radmi note 8, Note30u, and Mate40, was "These
Details of an eight-year-old security vulnerability in the Linux kernel have emerged that the researchers say is "as nasty as Dirty Pipe." Dubbed DirtyCred by a group of academics from Northwestern University, the security weakness exploits a previously unknown flaw (CVE-2022-2588) to escalate privileges to the maximum level. "DirtyCred is a kernel exploitation concept that swaps unprivileged
Zoom users on macOS are being told once again to update their copy of the video-conferencing software after a security hole was found that could be exploited by hackers. Read more in my article on the Hot for Security blog.