Security News
The bug that was very occasionally corrupting data on file copies in OpenZFS 2.2.0 has been identified and fixed, and there's a fix for the previous OpenZFS release too. The OpenZFS development team have put out not one but two new releases of the open-source cross-platform filesystem for Linux and FreeBSD. Version 2.2.2 fixes the problem that showed up in the latest version, which is included in FreeBSD 14 as well as several Linux distros, including Ubuntu 23.10.
Chinese web and gaming giant Tencent has admitted it fired more than 100 people in 2022 for various forms of corruption - some so serious it reported them to local police. Other employees embezzled corporate funds, arranged sham contracts, or solicited goods for personal use from Tencent suppliers.
The latest version of the OpenSSL library has been discovered as susceptible to a remote memory-corruption vulnerability on select systems. OpenSSL 1.1.1 as well as OpenSSL forks BoringSSL and LibreSSL are not affected.
Data privacy campaign group noyb, founded by Austrian lawyer Max Schrems, has filed a complaint with the Austrian Office for the Prosecution of Corruption for a potential violation of Austrian criminal laws by the Irish Data Protection Commission. The statement goes on to claim the DPC "Engaged in procedural blackmail", justifying noyb's report of the incident to the Austrian Office for the Prosecution of Corruption.
Microsoft has fixed a Windows 10 bug that could cause NTFS volumes to become corrupted by merely accessing a particular path or viewing a specially crafted file. Windows then prompts the user to reboot the computer and run chkdsk to fix the corruption.
Mozilla has released Firefox 85.0.1 and includes a fix that prevents a Windows 10 NTFS corruption bug from being triggered from the browser. Last month, BleepingComputer reported that a bug in Windows 10 and Windows XP allows non-privileged users to mark an NTFS volume as dirty.
Developers have released an unofficial fix for a Windows bug that could lead to the corruption of an NTFS volume by merely viewing a specially crafted file. Earlier this month, BleepingComputer reported that a Windows 10 bug was discovered by security researcher Jonas Lykkegaard that allows non-privileged users to mark an NTFS volume as dirty.
A former BAE Systems engineer accused of failing to hand over his device passwords to Merseyside Police vowed not to give them up until a watchdog investigated his allegations that police workers had perverted the course of justice, the Old Bailey heard. Finch is accused, as previously reported, of failing to hand over his passwords to police on demand - a crime in the UK - and of revealing secrets about a UK missile system to various foreign countries and other individuals, contrary to the Official Secrets Act.
Microsoft this week announced Kernel Data Protection, new technology that aims to protect the Windows kernel and drivers from data corruption attacks. KDP builds upon the technology included by default in Secured-core PCs and adds another layer of protection for configuration data.
Adobe informed customers on Tuesday that it has patched memory corruption vulnerabilities, including one that allows arbitrary code execution, in several of its products. All of the security flaws were reported to Adobe by researcher Mat Powell of Trend Micro's Zero Day Initiative.