Security Affairs

Watch out, a bug in Linux Kernel 5.19.12 can damage displays on Intel laptops

By: Pierluigi Paganini

A bug in Linux kernel 5.19.12, which was released at the end of September 2022, can potentially damage the displays of Intel laptops.

Linux users reported the displays of their Intel laptops rapidly blinking, flickering, and showing white flashes after upgrading to Linux kernel version 5.19.12.

Linux expert Ville Syrjälä pointed out that the anomalous issue may damage displays.

“After looking at some logs we do end up with potentially bogus panel power sequencing delays, which may harm the LCD panel.” wrote Syrjälä. “Greg, I recommend immediate revert of this stuff, and new stable release ASAP. Plus a recommendation that no one using laptops with Intel GPUs run 5.19.12.”

Syrjälä argued that the issue results in bogus panel power sequencing delays, which may harm LCD panels.

According to BleepingComputer, most impacted Linux users are running Arch and Fedora distros on Framework laptops.

The issue was addressed with the release of kernel version 5.19.13 on Tuesday.

“I’m announcing the release of the 5.19.13 kernel. This release is to resolve a regression on some Intel graphics systems that had problems with 5.19.12.” reads the announcement of the new release by Greg Kroah-Hartman. “If you do not have this problem with 5.19.12, there is no need to upgrade.”

Experts recommend that users check the kernel version running on their laptops to avoid upgrading to the buggy Linux release.

Users who have already upgraded their laptops to Linux kernel version 5.19.12 are advised to revert to a stable and safe version.


The post Watch out, a bug in Linux Kernel 5.19.12 can damage displays on Intel laptops appeared first on Security Affairs.


Cisco fixed two high-severity bugs in Communications, Networking Products

By: Pierluigi Paganini

Cisco fixed high-severity flaws in some of its networking and communications products, including Enterprise NFV, Expressway and TelePresence.

Cisco announced it has addressed high-severity vulnerabilities affecting some of its networking and communications products, including Enterprise NFV, Expressway and TelePresence.

“Multiple vulnerabilities in the API and in the web-based management interface of Cisco Expressway Series Software and Cisco TelePresence Video Communication Server (VCS) Software could allow a remote attacker to bypass certificate validation or conduct cross-site request forgery attacks on an affected device.” reads the advisory published by the IT giant.

The first vulnerability, tracked as CVE-2022-20814, is an improper certificate validation issue; a remote, unauthenticated attacker can trigger it to access sensitive data through a man-in-the-middle attack.

A vulnerability in the certificate validation of Cisco Expressway-C and Cisco TelePresence VCS could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data.

The vulnerability is due to a lack of validation of the SSL server certificate for an affected device while it establishes a connection to a Cisco Unified Communications Manager device.

“An attacker could exploit this vulnerability by using a man-in-the-middle technique to intercept the traffic between the devices, and then using a self-signed certificate to impersonate the endpoint. A successful exploit could allow the attacker to view the intercepted traffic in clear text or alter the contents of the traffic.” continues the advisory.

The flaw doesn’t affect Cisco Expressway-E.

The second issue, tracked as CVE-2022-20853, is a cross-site request forgery (CSRF) flaw that can be exploited to cause a denial of service (DoS) condition by tricking a user into clicking on a specially crafted link.

“A vulnerability in the REST API of Cisco Expressway Series and Cisco TelePresence VCS could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system.” states the advisory. “This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected system. An attacker could exploit this vulnerability by persuading a user of the REST API to follow a crafted link. A successful exploit could allow the attacker to cause the affected system to reload.”

The Cisco PSIRT is not aware of any public announcements or attacks in the wild exploiting these vulnerabilities.


The post Cisco fixed two high-severity bugs in Communications, Networking Products appeared first on Security Affairs.


City of Tucson Data Breach impacted 123,500 individuals

By: Pierluigi Paganini

The City of Tucson, Arizona disclosed a data breach; the incident was discovered in May 2022 and impacted 123,500 individuals.

The security breach was discovered at the end of May 2022, and the investigation concluded in September.

According to the notification letter sample provided to the Maine Attorney General’s Office, over 123,500 individuals have been impacted by the incident.

“On August 4, 2022, the City learned that certain files may have been copied and taken from the City’s network. Following this discovery, the City undertook a comprehensive review of the information potentially at issue.” reads the data breach notice. “On September 12, this review concluded, and it was determined that certain personal information for a number of individuals was within the files potentially accessed from the City’s network.”

The exposed data include name, Social Security number, driver’s license or state identification number, and passport number.

The City is already notifying the impacted individuals and is providing them with free access to credit monitoring services for one year through Experian.

The city confirms it has no evidence that the exposed information has been misused.

The city was able to quickly contain and remediate the breach after identifying it, and it also announced the implementation of additional measures to improve its resilience to cyber attacks.

The City is also providing impacted individuals with guidance on how to better protect against fraudulent activities, such as identity theft and fraud.

“The City is providing individuals with information on how to place a fraud alert and security freeze on one’s credit, the contact details for the national consumer reporting agencies, information on how to obtain a free credit report, a reminder to remain vigilant for incidents of fraud and identity theft by reviewing account statements and monitoring free credit reports, and encouragement to contact the Federal Trade Commission, their state Attorney General, and law enforcement to report attempted or actual identity theft and fraud.” states the letter.


The post City of Tucson Data Breach impacted 123,500 individuals appeared first on Security Affairs.
