
SBF likely off the hook for misplaced FTX funds after cops bust SIM swap ring
2024-02-05 01:27

The trio's biggest haul was the theft of more than $400 million in cryptocurrency from an unnamed "Victim Company-1" on November 11, 2022 - the same day that FTX declared bankruptcy and an unknown attacker stole roughly $415m in crypto from the firm.

While SBF might be off the hook for this element of his mismanagement of FTX, that won't help him to walk free, as he was convicted on seven charges in October 2023 and faces up to 110 years in prison when sentenced next month.

CVSS 9.8 - Multiple CVEs: Several models of Emerson Rosemount gas chromatographs running software v4.1.5 are vulnerable to command injection and are improperly authenticating users.

CVSS 9.8 - Multiple CVEs: Multiple Mitsubishi Electric FA engineering software products are missing authentication for critical functions and can have malicious libraries added through unsafe reflection.

CVSS 8.8 - Multiple CVEs: Several Rockwell Automation Operator Panels are vulnerable to stack-based buffer overflow and other issues that could lead to DoS and RCE.

CVSS 8.6 - CVE-2024-21916: Rockwell Automation ControlLogix and GuardLogix firmware are vulnerable to writing to memory outside of buffers, potentially crashing devices.

Qualys warned the bug affects all versions of glibc going back to 1992, but the glibc team believes the issue lies in calling applications that pass bad data, and thus any CVE issued should be on those apps, not glibc. "Even the most foundational and trusted components are not immune to flaws," Qualys said of the discovery, which isn't the first it's found in glibc lately.


News URL

https://go.theregister.com/feed/www.theregister.com/2024/02/05/sbf_off_the_hook_for/

Related Vulnerability

DATE: 2024-01-31
CVE: CVE-2024-21916
VULNERABILITY TITLE: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Rockwellautomation products
A denial-of-service vulnerability exists in specific Rockwell Automation ControlLogix and GuardLogix controllers.
network, low complexity, rockwellautomation, CWE-119
RISK: 7.5