Samba Issues Security Updates to Patch Multiple High-Severity Vulnerabilities

The Hacker News Daily Updates [Newsletter]( [cover]( [SANS Report: The State of ICS/OT Cybersecurity in 2022 and Beyond]( The industrial control system (ICS)/operational technology (OT) security community is seeing attacks that go beyond traditional attacks on enterprise networks. Given the impacts to ICS/OT, fighting these attacks requires a different set of security skills, technologies, processes, and methods to manage the different risks and risk surfaces, setting ICS apart from traditional IT enterprise networks. [Download Now]( Sponsored LATEST NEWS Dec 17, 2022 [Samba Issues Security Updates to Patch Multiple High-Severity Vulnerabilities]( Samba has released software updates to remediate multiple vulnerabilities that, if successfully exploited, could allow an attacker to take control of affected systems. The high-severity flaws, tracked as CVE-2022-38023, CVE-2022-37966, CVE-2022-37967, and CVE-2022-45141, have been patched in versions 4.17.4, 4.16.8 and 4.15.13 released on December 15, 2022. Samba is an open source ... [Read More]( [Twitter]( [Facebook]( [LinkedIn]( [Trojanized Windows 10 Installer Used in Cyberattacks Against Ukrainian Government Entities]( Government entities in Ukraine have been breached as part of a new campaign that leveraged trojanized versions of Windows 10 installer files to conduct post-exploitation activities. Mandiant, which discovered the "socially engineered supply chain" attack around mid-July 2022, said the malicious ISO files were distributed via Ukrainian- and Russian-language Torrent websites. It's tracking ... [Read More]( [Twitter]( [Facebook]( [LinkedIn]( [Ex-Twitter employee Gets 3.5 Years Jail for Spying on Behalf of Saudi Arabia]( A former Twitter employee who was found guilty of spying on behalf of Saudi Arabia by sharing data pertaining to specific individuals has been sentenced to three-and-a-half years in prison. Ahmad Abouammo, 45, was convicted earlier this August on various criminal counts, including money laundering, fraud, falsifying records, and being an illegal agent of a foreign government. Abouammo ... [Read More]( [Twitter]( [Facebook]( [LinkedIn]( [Cyber Security Is Not a Losing Game – If You Start Right Now]( Reality has a way of asserting itself, irrespective of any personal or commercial choices we make, good or bad. For example, just recently, the city services of Antwerp in Belgium were the victim of a highly disruptive cyberattack. As usual, everyone cried "foul play" and suggested that proper cybersecurity measures should have been in place. And again, as usual, it all happens a bit too ... [Read More]( [Twitter]( [Facebook]( [LinkedIn]( [GitHub Announces Free Secret Scanning for All Public Repositories]( GitHub on Thursday said it is making available its secret scanning service to all public repositories on the code hosting platform for free. "Secret scanning alerts notify you directly about leaked secrets in your code," the company said, adding it's expected to complete the rollout by the end of January 2023. Secret scanning is designed to examine repositories for access tokens, private ... [Read More]( [Twitter]( [Facebook]( [LinkedIn]( [Goodbye SHA-1: NIST Retires 27-Year-Old Widely Used Cryptographic Algorithm]( The U.S. National Institute of Standards and Technology (NIST), an agency within the Department of Commerce, announced Thursday that it's formally retiring the SHA-1 cryptographic algorithm. SHA-1, short for Secure Hash Algorithm 1, is a 27-year-old hash function used in cryptography and has since been deemed broken owing to the risk of collision attacks. While hashes are designed to ... [Read More]( [Twitter]( [Facebook]( [LinkedIn]( [Minecraft Servers Under Attack: Microsoft Warns About Cross-Platform DDoS Botnet]( Microsoft on Thursday flagged a cross-platform botnet that's primarily designed to launch distributed denial-of-service (DDoS) attacks against private Minecraft servers. Called MCCrash, the botnet is characterized by a unique spreading mechanism that allows it to propagate to Linux-based devices despite originating from malicious software downloads on Windows hosts. "The botnet spreads ... [Read More]( [Twitter]( [Facebook]( [LinkedIn]( [CISA Alert: Veeam Backup and Replication Vulnerabilities Being Exploited in Attacks]( The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two vulnerabilities impacting Veeam Backup & Replication software to its Known Exploited Vulnerabilities (KEV) Catalog, citing evidence of active exploitation in the wild. The now-patched critical flaws, tracked as CVE-2022-26500 and CVE-2022-26501, are both rated 9.8 on the CVSS scoring system, and could be leveraged ... [Read More]( [Twitter]( [Facebook]( [LinkedIn]( [cover]( [SANS Report: The State of ICS/OT Cybersecurity in 2022 and Beyond]( The industrial control system (ICS)/operational technology (OT) security community is seeing attacks that go beyond traditional attacks on enterprise networks. Given the impacts to ICS/OT, fighting these attacks requires a different set of security skills, technologies, processes, and methods to manage the different risks and risk surfaces, setting ICS apart from traditional IT enterprise networks. [Download Now]( Sponsored This email was sent to {EMAIL}. You are receiving this newsletter because you opted-in to receive relevant communications from The Hacker News. To manage your email newsletter preferences, please [click here](. Contact The Hacker News: info@thehackernews.com [Unsubscribe]( The Hacker News | Pearls Omaxe, Netaji Subash Place, Pitampura, Delhi 110034 India