A large number of security issues were discovered in the WebKitGTK Web and
JavaScript engines. If a user were tricked into viewing a malicious
website, a remote attacker could exploit a variety of issues related to web
browser security, including cross-site scripting attacks, denial of service
attacks, and arbitrary code execution.
A maker of enterprise software for Apple’s ecosystem announced a half-dozen new products and enhancements at an online event Tuesday. Jamf maintained the new offerings would help organizations create an enterprise-secure, consumer-simple environment that protects personal privacy.
Three new features were added to the company’s endpoint and network security platform, Jamf Protect. They include network threat protection, which allows endpoints to report network-based indicators of compromise, comprehensive logging of endpoint and network security events, and removable storage controls to ensure that sensitive data is written to USB mass media drives.
curl-7.82.0-3.fc36
fix credential leak on redirect (CVE-2022-27774)
fix auth/cookie leak on redirect (CVE-2022-27776)
fix bad local IPv6 connection reuse (CVE-2022-27775)
fix OAUTH2 bearer bypass in connection re-use (CVE-2022-22576)
curl-7.79.1-2.fc35
fix credential leak on redirect (CVE-2022-27774)
fix auth/cookie leak on redirect (CVE-2022-27776)
fix bad local IPv6 connection reuse (CVE-2022-27775)
fix OAUTH2 bearer bypass in connection re-use (CVE-2022-22576)
curl-7.76.1-14.fc34
fix credential leak on redirect (CVE-2022-27774)
fix auth/cookie leak on redirect (CVE-2022-27776)
fix bad local IPv6 connection reuse (CVE-2022-27775)
fix OAUTH2 bearer bypass in connection re-use (CVE-2022-22576)
maven-shared-utils-3.2.1-0.9.fc34
Fixes an important security vulnerability – command injection via Commandline class
NoMachine for Windows prior to version 6.15.1 and 7.5.2 suffer from local privilege escalation due to the lack of safe DLL loading. This vulnerability allows local non-privileged users to perform DLL Hijacking via any writable directory listed under the system path and ultimately execute code as NT AUTHORITYSYSTEM.
Global cybersecurity authorities have published a joint advisory on the 15 Common Vulnerabilities and Exposures (CVEs) most routinely exploited by malicious cyber actors in 2021. The advisory is co-authored by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), U.S. National Security Agency (NSA), U.S. Federal Bureau of Investigation (FBI), Australian Cyber Security Centre (ACSC), Canadian Centre for Cyber Security (CCCS), New Zealand National Cyber Security Centre (NZ NCSC), and United Kingdom’s National Cyber Security Centre (NCSC-UK).
The advisory warned that malicious cyber actors aggressively targeted newly disclosed critical software vulnerabilities against broad target sets, including public and private sector organizations worldwide, last year. What’s more, malicious actors also continued to exploit publicly known, dated software vulnerabilities.
Several threat groups believed to be initial access facilitators for some ransomware gangs are transitioning to a new first-stage malware downloader dubbed Bumblebee. The groups previously used other downloaders like BazaLoader and IcedID.
According to researchers from security firm Proofpoint, Bumblebee email-based distribution campaigns started in March and were linked back to at least three known attack groups. The malware is used to deploy known penetration testing implants such as Cobalt Strike, Sliver and Meterpreter. Attackers have adopted these attack frameworks and other open-source dual-use tools in recent years to engage in hands-on manual hacking and lateral movement through victim networks.
It was discovered that Mutt incorrectly handled certain requests.
An attacker could possibly use this issue to expose sensitive information.
This issue only affected Ubuntu 20.04 LTS. (CVE-2021-32055)
It was discovered that Mutt incorrectly handled certain input.
An attacker could possibly use this issue to cause a crash,
or expose sensitive information. (CVE-2022-1328)
