IN CASE YOU MISSED IT!

Cybersecurity, infosec, gdpr, ai & much more…

Chatbots News Friday, June 1

CVE-2018-11235 flaw in Git can lead to arbitrary code execution

  • The Git developer team and other firms offering Git repository hosting services have issued security updates to address a remote code execution vulnerability, tracked as CVE-2018-11235, in the Git source code versioning software.
  • An attacker could exploit CVE-2018-11235 by setting up a malformed Git repository containing a specially built Git submodule.
  • The problem resides in the way the Git client handles the specially-built Git submodule.
  • The release also includes support for a Git server-side component that could be used by Git hosting services to detect code repositories containing malicious submodules and prevent their upload.
  • Edward Thomson, Program Manager for Visual Studio Team Services, confirmed that Git 2.17.1 and Git for Windows 2.17.1 (2) already include the fix for the flaws and encouraged all users to update their Git clients as soon as possible.

GDPR risks ‘helping hackers hide from law’

  • A service used to identify and contact website owners has been forced to strip out information on its site to comply with the EU’s GDPR legislation.
  • Whois is often used by journalists and police to make quick checks into the legitimacy of websites.
  • Mr Farmer told the BBC that the lack of guidance given by the EU was making companies extremely cautious about the regulation.
  • The service is valuable for protection as it helps provide context around whether an external website is legitimate or potentially unsafe, he told the BBC.
  • However, supporters of the new privacy regulation note that cyber-criminals were never likely to have provided accurate contact details for their scam websites, and highlight that the law does provide added protection for legitimate registrants.

Yahoo hacker whose work compromised 500M accounts sentenced to 5 years

  • The Canadian man who pled guilty last year to a massive spear-phishing operation of Yahoo employees, which ultimately resulted in 500 million accounts being compromised, has been sentenced to five years in prison.
  • In sentencing Baratov to five years in prison, the Court sent a clear message to hackers that participating in cyber attacks sponsored by nation states will result in significant consequences.
  • Baratov had previously admitted that his role was to hack webmail accounts of individuals of interest to the FSB, the Russian internal security service.
  • In the process, he discovered two key assets, according to the FBI: Yahoo’s User Database (UDB) and an administrative tool called the Account Management Tool.
  • While the UDB’s contents did not necessarily give him everything required to access individual user accounts, it did give Belan and the two FSB agents information that could be used to locate and target specific accounts of interest.
