Boris Johnson discovers phone passcode for WhatsApp probe (The Register)

Infosec in a nutshell: Former British Prime Minister Boris Johnson has thrown a wrench into the work of the country’s COVID-19 investigation by claiming he cannot remember the passcode to unlock an old phone investigators are looking for.

The investigation sought the device because it is believed to contain a wealth of WhatsApp messages from the early days of the COVID-19 pandemic, when the encrypted chat app was widely used, amid criticism, by the Prime Minister and other ministers unable to meet in person.

Johnson is said to have last used the device in question in May 2021, after it was revealed that his phone number was freely available online to anyone who knew where to look: it appeared in a press release he issued in 2006, when he was MP for Henley and shadow minister for higher education. The number was still in use while he was PM, apparently unchanged in the 15 years since the press release was issued.

Johnson could not remember the passcode “with 100% confidence”, according to The Times, raising fears that the device could be erased if the ex-Prime Minister guessed wrong too often.

Johnson’s oversight came after the UK High Court ruled that messages and logs were to be handed over without redaction, which the government objected to on the grounds that this would have led to the exposure of “unambiguously irrelevant” material.

The judges rejected that argument last week, saying the inclusion of irrelevant documents did not invalidate the order to hand everything over without taking the time to redact it first. Part of the inquiry’s message request included individual communications between Johnson, former Chancellor Rishi Sunak and Cabinet Secretary Simon Case.

However, everyone can rest easy. On Thursday, the government claimed it had found a record of the PIN code for Johnson’s old device and opened it up to the committee. According to the BBC, the Cabinet Office has until 4 p.m. BST on Monday to deliver the requested messages in full.

This does not mean that those who are not part of the inquiry will see them. The Cabinet Office and the Inquiry itself retain the right to redact before wider dissemination to experts, witnesses or the public.

Critical Vulnerabilities: The One-Week Edition of Patch Tuesday

To say it’s been a busy week at Patch Land is an understatement. In addition to Microsoft’s huge slate of updates from Tuesday, a bunch of other companies have been battling critical vulnerabilities, so let’s get to that.

First, researchers found several critical vulnerabilities in the SDK and API for the popular QuickBlox chat and video framework which, if exploited, could allow the retrieval of complete user lists and PII on users, and the creation of new users. Fixes are available, so install them as soon as possible.

There are a few missed Patch Tuesday updates worth knowing about:

  • HPE has informed users of several high-risk vulnerabilities in multiple versions of ArubaOS running on different devices that could lead to XSS attacks, execution of arbitrary commands, etc.
  • Juniper patched 14 vulnerabilities in Junos OS and Junos OS Evolved this week, fixing a number of high-risk vulnerabilities.

Additionally, ICS systems were in an update frenzy this week thanks to a number of critical issues:

  • CVSS 9.9 Multiple CVEs: Siemens SIMATIC CN 4100 devices incorrectly control access and contain incorrect default permissions that an attacker could use to bypass network isolation and elevate privileges.
  • CVSS 9.8 Multiple CVEs: Siemens RUGGEDCOM ROX switches running software versions 2.16.0 or earlier are loaded with vulnerabilities that could allow an attacker to send malformed HTTP packets to achieve MITM status and execute arbitrary code.
  • CVSS 9.8 Multiple CVEs: Experion’s PKS, LX, and PlantCruise (versions prior to R520.2) contain a series of vulnerabilities that could cause DoS or allow an attacker to elevate permissions and execute code remotely.
  • CVSS 9.8 Multiple CVEs: Anyone with a Rockwell Automation 1756 controller of any model should upgrade immediately, as almost all of them are vulnerable to an out-of-bounds write attack that could allow a malicious actor to access the running memory of the module.
  • CVSS 9.6 CVE-2023-2746: The Rockwell Automation Enhanced HIM Communication Interface v. 1.001 contains a cross-site request forgery vulnerability that could be used to gain full remote access on affected devices.
  • CVSS 9.1 CVE-2023-20214: A flaw in request authentication validation for the REST API in Cisco SD-WAN vManage software could give an unauthenticated attacker limited read and write permissions to the configuration settings of an affected vManage instance.
  • CVSS 8.8 CVE-2023-2072: Rockwell Automation Power Monitor 1000 v4.011 is vulnerable to XSS which could lead to RCE and loss of availability.
  • CVSS 8.2 Multiple CVEs: Siemens SIMATIC MV500 series devices contain a series of vulnerabilities that an attacker could use to read the contents of memory or cause a DoS.
  • CVSS 8.2 Multiple CVEs: BD Alaris medical pumps and several pieces of their software are vulnerable to a host of issues that an attacker could use to compromise data, hijack sessions, modify firmware, and cause serious damage.

Only one new known exploited vulnerability was added to the CISA database this week: a CVSS 9.8 RCE vulnerability in the Netwrix Auditor server and agent software that could allow an attacker to execute arbitrary code.

As always, get fixes.

Cybercriminals love MOVEit: Two more high-profile victims admit to being hit

What do the financial giant Deutsche Bank and the elite American university Rutgers have in common? They have both become collateral damage as hackers continue to exploit vulnerabilities in MOVEit file transfer software.

In a statement to BleepingComputer earlier this week, Deutsche Bank admitted that one of its external service providers in Germany experienced a security incident. Without saying that the attack was definitely caused by vulnerabilities in MOVEit, DB told BC that “In addition to our service provider, we understand that more than 100 companies in more than 40 countries are potentially affected.”

Combined with the fact that Deutsche Bank used the affected service provider to operate its account switching service, MOVEit is a probable cause due to the high volume of data transferred from one institution to another.

Rutgers University, on the other hand, said the exposure of some of its data processed by the National Student Clearinghouse was due to MOVEit vulnerabilities. Rutgers probably isn’t alone either: NSC works with 3,600 colleges across the United States to gather student data for the Department of Education.

Both Rutgers and Deutsche Bank said their internal systems were unaffected.

CVSS 4.0 is coming

The Forum of Incident Response and Security Teams (FIRST) this week unveiled the fourth version of its Common Vulnerability Scoring System (CVSS) with promises to “provide the highest vulnerability assessment fidelity for both industry and the public”.

There are a number of changes in CVSS 4.0, such as removing the concept of “scope” and replacing it with “vulnerable” and “subsequent” system impacts, scoring vulnerabilities for software libraries, and considering multiple base scores.

Perhaps the most notable change is to the CVSS nomenclature, which is modified to include the metric groups used to arrive at the score: base, environmental, or threat. CVSS scores will be labeled as CVSS-B (base only), CVSS-BE (base and environmental), CVSS-BT (base and threat), or CVSS-BTE when all three have been included in the calculations.

The reason for the new nomenclature, FIRST said, is that CVSS-B scores only measure the severity of a vulnerability and do not reflect risk to individual environments or systems. CVSS-B scores “should be supplemented with an environmental scan,” FIRST said, and with environmental and threat metrics that are periodically updated.

Public preview and feedback for CVSS 4.0 ends July 31, with a targeted release date of October 1, 2023 for the new standard.

Sources

2/ https://www.theregister.com/2023/07/17/infosec_in_brief/
