plib-1.8.5-30.fc37

FEDORA-2022-89c22f2ea9

Packages in this update:

plib-1.8.5-30.fc37

Update description:

Automatic update for plib-1.8.5-30.fc37.

Changelog

* Fri May 13 2022 Hans de Goede <hdegoede@redhat.com> - 1.8.5-30
- Add 3 patches from Debian
- Fixes CVE-2021-38714 (rhbz#1997815)

Intel bets big on security as a service for confidential computing

Intel revealed a string of security advancements at its inaugural Intel Vision event this week, including Project Amber — a security as a service initiative for confidential computing — as well as increased collaboration for secure and responsible developments in AI, and a phased approach to quantum-safe cryptography.

Project Amber is aimed at providing organizations with remote verification of security in cloud, edge, and on-premises environments.

some details regarding CVE-2022-24422 / iDRAC VNC authentication

Posted by christian mock on May 13

The Dell advisory is a bit low on details, so:

The vulnerability is really just CVE-2006-2369 / CVE-2006-2450, but
wrapped in TLS (we’re in the 2020s, our auth bypasses are secure now!)

That means that your vuln scanner might or might not detect it, Nessus
for example does, but Nexpose apparently doesn’t.

It also means that metasploit’s “realvnc_41_bypass” is not directly
usable, you need to use your favorite TLS…

CVE-2021-22275

Buffer Overflow vulnerability in B&R Automation Runtime webserver allows an unauthenticated network-based attacker to stop the cyclic program on the device and cause a denial of service.

CVE-2020-22983

A Server-Side Request Forgery (SSRF) vulnerability in MicroStrategy Web SDK 11.1 and earlier allows remote unauthenticated attackers to conduct an SSRF attack via the srcURL parameter to the shortURL task.

Locate Tenable Compliance Templates Faster with Revamped Portal

Following a portal relaunch, Tenable’s Audit Files are now easier to find and manage, thanks to a new search engine that supports a variety of search query criteria.

Complying with in-house IT policies, industry mandates, vendor configuration recommendations and government regulations is critical for a solid cyber security posture. That’s why Tenable provides comprehensive compliance coverage through its Audit Files offering, which has just gotten a major enhancement: The Audit Files portal was relaunched with a powerful new search engine which will allow customers to find these compliance templates more quickly.

What do Audit Files do?

Tenable Audit Files are XML-based files that implement guidance from compliance authorities into the Tenable .audit language. They enable you to assess your network’s compliance with security frameworks such as the CIS Critical Security Controls and the NIST Cybersecurity Framework, spotting misconfigurations and detailing what you need to fix. You can also create your own custom Audit Files. When you achieve compliance, the Audit Files offer you proof that the appropriate controls are in place.

By automating and streamlining compliance, Audit Files help you harden your network efficiently, eliminating attack vectors, shrinking your attack surface and lowering your risk of security breaches. This gives security teams more time to focus on other tasks, such as remediating critical vulnerabilities, including zero-days.

The comprehensive Tenable Audit Files portal currently contains 1,056 audits covering 386 benchmarks, with more added as they’re released by source authorities and vendors including the Center for Internet Security, the U.S. Defense Information Systems Agency, and Microsoft.

Making Audit Files easier to find and manage

The new search engine will help you to quickly determine which content is relevant to your environment, and access audit information rapidly in order to build custom audits to fit your needs. 

The search engine lets you:

Search for Audit Files by name, source authority, updated date and compliance plugin.

Search control items by reference standards, description, filename and compliance plugin. 

The newly-redesigned portal also features clearer information on which types of checks can be found in different audits, and which audits can support different reference frameworks.

Also, the addition of Changelogs will enable you to see the changes between the different releases of an audit. This means you can choose whether to update the audit version in your environment.

In support of this release, Tenable Staff Research Engineer Chad Streck explains the features of this redesign in these six short instructional videos.


What’s a Parent to Do? Closing the Protection Gap between You and Your Children.

Hands down, children look to their parents to keep them safe online more than anyone else, which begs the question—what’s a parent to do?

Our recent study on connected families found that nearly three-quarters of children said their parents were best suited to teach them about staying safe online, nearly twice the share who named teachers at school (39%) and more than twice the share who named online resources (34%). Parents recognize their role as a protector online as well, with an overwhelming 90% of parents worldwide agreeing that they’re the primary source.

However, our study also found that parents could be taking more steps to protect themselves online, let alone taking steps for their children. In fact, when looking at how parents protect themselves and then if they protect their children the same way, a distinct gap appears.

Online Security Habits Across Devices

Figures that were already low for relatively straightforward and relatively easily employed safety measures drop yet lower for children—such as installing antivirus software, protecting the computer with a password, or sticking to reputable online stores when shopping.

For example, on computers and laptops, note the 11% drop in antivirus usage, the 14% drop in device password/passcode protection, and the 9% drop in regular updates to the operating system.

This trend continues when the study looked at mobile device protection for parents and children. The numbers were similarly low, and sometimes lower than the rate of protection on PCs and laptops. For example, while 56% of parents said that they protect their own smartphone with a password or passcode, only 42% said they do the same for their child’s smartphone, a further 14% drop.

Across the board, parents reported protecting a child’s smartphone to a lesser degree than they protect a child’s computer or laptop—notably when it comes to installing antivirus on phones, to a figure of 19% less (57% to 38%).

Mobile Device Usage Among Children

What’s striking about this is how tweens and teens access the internet today. Our report found that 74% of them said that their smartphone was their most important device (followed by their gaming console at 68%). Moreover, the rate at which they use their smartphones indicates that these devices are their primary onramp to the internet. By ages 15 to 16, some 90% of children worldwide report using a smartphone.

Given these findings, two important points stand out for parents:

First, the steps that parents take to protect themselves aren’t always done for their children—even though their children look overwhelmingly to them for protection online.
Second, children are going largely unprotected on the devices they use to access the internet the most—their smartphones.

Misconceptions about online protection may play a role in these lax measures. Two additional findings may indicate why this is:

49% of parents think a new phone is more secure than a new computer.
59% of tweens and teens thought a new phone was more secure as well.

Both perceptions deny the reality that smartphones, and the people using them, are subject to hacks and attacks just like with any other device that connects to the internet. As such, smartphones call for protection too.

6 Steps to protect you and your family online

So, what’s a parent to do? They can take a few basic actions that will go a long way toward safeguarding themselves and their families online:

1) Protect yourselves

It used to be that we could load antivirus on our devices and go on our way with confidence. That’s not the case anymore. While antivirus is still a cornerstone of protection, it’s just a part of overall online protection. Comprehensive online protection software protects more than your computer or smartphone, it protects you.

For example, ours offers all-in-one protection for your personal info and privacy for peace of mind against data breaches—along with further features that can remove your data from some of the riskiest data broker sites that are selling it online. Other features include an online protection score that shows you just how strong your security is, along with simple guidance that can help seal up any gaps.

In all, online protection is the place to start when looking after yourself and your family online, whether that’s on a computer, laptop, or phone—with particular emphasis on phones, given the way parents and children alike rely on them so strongly.

2) Protect your identities

Identity theft can affect anyone, even the youngest of children. Our study found that 15% of children experienced attempted account theft, while 28% of parents reported it happening to them. An identity protection service like ours can monitor your family’s accounts and personal info for unauthorized or suspicious activity—and help you restore a compromised identity with the help of a pro.

3) Protect your devices

Over and above using online protection software, there’s also the security of your devices to consider. After all, devices can get lost or stolen. Take steps to protect your devices by ensuring they’re locked with a PIN or other protection like facial recognition. For your apps, use two-factor authentication wherever possible for extra protection should your device end up in someone else’s hands.

4) Protect your accounts

Similarly, you can take steps to protect your online accounts by using strong, unique passwords for each one. That means no repeats. This makes it far more difficult for hackers to compromise multiple accounts, such that if one password is compromised in a data breach, any potential damage is limited to just that one account in question.

Taking care of that yourself can be a lot of work, given all the accounts you likely have across shopping and banking, not to mention your apps. It gets even more involved when you add all your children’s accounts into the mix. Yet there’s good news: a password manager can do all the work by creating and storing strong, unique passwords for you.

5) Keep updated

Updating your operating systems and apps can keep you current with the latest features and enhancements, and help you keep one step ahead of hackers as well. Many updates to operating systems and apps include security fixes and enhancements, which can keep bad actors from taking advantage of any exploits or loopholes on your devices. Many devices and apps make it easy with an auto-update feature. If any of yours offer auto-updating, take advantage.

6) Keep talking

Completely aside from software, apps, and updates, another way to keep your kids safe online is through conversation. When talking with them about their day, weave in a few questions about what’s happening online. What are their favorite games and apps right now? What shows are they watching? Is there a funny post or video they want to share?

Questions like these, simple as they are, can make talking about their life online seem more normal—the ups and downs of it alike—and provide you with opportunities that will help you foster strong decision-making skills that they can carry into adulthood.

Closing the gap

With our study uncovering a clear gap in protection, parents can rest assured they can close it with a few relatively straightforward steps, making everyone in the household safer than before.

This was just one of several findings from our global report on connected families. Others include noteworthy differences across nations, such as which nations report the highest levels of cyberbullying and which nation has nearly 100% of its young children saying they use a smartphone regularly. Yet more findings reveal insights into screen time, video game usage, and a breakdown of the top online activities for teens—and many more ways families are growing up together through their lives online.

Again, what’s a parent to do in light of all this?

Our blog is a great place to start. It offers parents and families a terrific resource when they have questions about life online, along with further resources about online protection that simply make for good reading. Our aim is to help you get thinking about what’s best for your family and the steps you can take to see it through, all so that you can make everyone’s time online safer and more enjoyable.

Five Eyes nations warn MSPs of stepped-up cybersecurity threats

In an unexpected development, the cybersecurity authorities of the “Five Eyes” countries issued an alert warning of an increase in malicious cyber activity targeting managed service providers (MSPs), with these agencies saying they expect this trend to continue. The alert is the result of a collaborative effort among the United Kingdom (NCSC-UK), Australia (ACSC), Canada (CCCS), New Zealand (NCSC-NZ), and the United States (CISA, NSA, FBI).

The agencies said they are “aware of recent reports that observe an increase in malicious cyber activity targeting managed service providers (MSPs) and expect this trend to continue” and point to a report by a significant MSP IT solutions provider, N-Able. That report notes that “almost all MSPs have suffered a successful cyberattack in the past 18 months, and 90% have seen an increase in attacks since the pandemic started.”
