Obscene posts on DC Metro transit authority’s Twitter account attributed to hacker
Monthly Archives: February 2022
How Configuration Assessments Help Improve Cyber Defenses
There’s an old adage in business: if you’re not measuring something, you can’t manage it. These days, information technology (IT) and information security professionals know this all too well, especially when it comes to configuration assessments. Network performance requires constant monitoring. Cyber threats demand identification and remediation. Systems need to be securely configured upon implementation and then assessed frequently to ensure they stay that way.
gnutls-3.7.2-2.fc34
FEDORA-2022-f899b7971a
Packages in this update:
gnutls-3.7.2-2.fc34
Update description:
Security fix for https://www.gnutls.org/security-new.html#GNUTLS-SA-2022-01-17
gnutls-3.7.2-3.fc35
FEDORA-2022-62ac7b3744
Packages in this update:
gnutls-3.7.2-3.fc35
Update description:
Security fix for https://www.gnutls.org/security-new.html#GNUTLS-SA-2022-01-17
Nonprofits Form Cyber Coalition
Nonprofit cybersecurity organizations unite to share resources, research and advice
Ransomware is top cyberattack type, as manufacturing gets hit hardest
Ransomware and phishing were the top cybersecurity issues for businesses in 2021, according to IBM Security’s annual X-Force Threat Intelligence Index.
The report maps the trends and patterns observed by X-Force, IBM’s threat intelligence sharing platform, covering key data points including network and endpoint detection devices, and incident response (IR) engagements.
The report, which covers 2021, identified ransomware as the top attack type; phishing and unpatched vulnerabilities as the leading infection vectors; cloud, open-source, and Docker environments as the biggest areas of focus for malware; manufacturing as the most attacked industry; and Asia as the most attacked region.
Manufacturing was the top industry targeted by ransomware last year, claims report
Global supply chains are bearing the brunt of ransomware attacks, according to a new IBM report that finds manufacturing was the most targeted industry during 2021.
Read more in my article on the Tripwire State of Security blog.
CVE-2020-27467
A Directory Traversal vulnerability exists in Processwire CMS before 2.7.1 via the download parameter to index.php.
CVE-2019-25058
An issue was discovered in USBGuard before 1.1.0. On systems with the usbguard-dbus daemon running, an unprivileged user could make USBGuard allow all USB devices to be connected in the future.
USN-5292-4: snapd regression
USN-5292-1 fixed a vulnerability in snapd. Unfortunately that update introduced
a regression that could break the fish shell. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
James Troup discovered that snap did not properly manage the permissions for
the snap directories. A local attacker could possibly use this issue to expose
sensitive information. (CVE-2021-3155)
Ian Johnson discovered that snapd did not properly validate content interfaces
and layout paths. A local attacker could possibly use this issue to inject
arbitrary AppArmor policy rules, resulting in a bypass of intended access
restrictions. (CVE-2021-4120)
The Qualys Research Team discovered that snapd did not properly validate the
location of the snap-confine binary. A local attacker could possibly use this
issue to execute other arbitrary binaries and escalate privileges.
(CVE-2021-44730)
The Qualys Research Team discovered that a race condition existed in the snapd
snap-confine binary when preparing a private mount namespace for a snap. A
local attacker could possibly use this issue to escalate privileges and
execute arbitrary code. (CVE-2021-44731)