Read Time:8 Second
FEDORA-2022-7846cac830
Packages in this update:
ignition-2.14.0-1.fc34
Update description:
New upstream release for v2.14.0. See release notes at NEWS.
Daily Archives: May 17, 2022
ignition-2.14.0-1.fc35
ignition-2.14.0-1.fc36
Keyloggers explained: How attackers record computer inputs
Read Time:40 Second
What is a keylogger?
A keylogger is a tool that can record and report on a computer user’s activity as they interact with a computer. The name is a short version of keystroke logger, and one of the main ways keyloggers keep track of you is by recording what you type as you type it. But as you’ll see, there are different kind of keyloggers, and some record a broader range of inputs.
Someone watching everything you do may sound creepy, and keyloggers are often installed by malicious hackers for nefarious purposes. But there are legitimate, or at least legal, uses for keyloggers as well, as parents can use them to keep track of kids online and employers can similarly monitor their workers.
CVE-2020-4994
Read Time:13 Second
IBM DataPower Gateway 10.0.1.0 through 10.0.1.4 and 2018.4.1.0 through 2018.4.1.17 could allow a remote user to cause a temporary denial of service by sending invalid HTTP requests. IBM X-Force ID: 192906.
java-latest-openjdk-18.0.1.0.10-1.rolling.el8
Read Time:8 Second
FEDORA-EPEL-2022-2d9ad80d5c
Packages in this update:
java-latest-openjdk-18.0.1.0.10-1.rolling.el8
Update description:
OpenJDK 18 security update for epel8
USN-5427-1: Apport vulnerabilities
Read Time:1 Minute, 22 Second
Muqing Liu and neoni discovered that Apport incorrectly handled detecting
if an executable was replaced after a crash. A local attacker could
possibly use this issue to execute arbitrary code as the root user.
(CVE-2021-3899)
Gerrit Venema discovered that Apport incorrectly handled connections to
Apport sockets inside containers. A local attacker could possibly use this
issue to connect to arbitrary sockets as the root user. (CVE-2022-1242)
Gerrit Venema discovered that Apport incorrectly handled user settings
files. A local attacker could possibly use this issue to cause Apport to
consume resources, leading to a denial of service. (CVE-2022-28652)
Gerrit Venema discovered that Apport did not limit the amount of logging
from D-Bus connections. A local attacker could possibly use this issue to
fill up the Apport log file, leading to denial of service. (CVE-2022-28654)
Gerrit Venema discovered that Apport did not filter D-Bus connection
strings. A local attacker could possibly use this issue to cause Apport to
make arbitrary network connections. (CVE-2022-28655)
Gerrit Venema discovered that Apport did not limit the amount of memory
being consumed during D-Bus connections. A local attacker could possibly
use this issue to cause Apport to consume memory, leading to a denial of
service. (CVE-2022-28656)
Gerrit Venema discovered that Apport did not disable the python crash
handler before chrooting into a container. A local attacker could possibly
use this issue to execute arbitrary code. (CVE-2022-28657)
Gerrit Venema discovered that Apport incorrectly handled filename argument
whitespace. A local attacker could possibly use this issue to spoof
arguments to the Apport daemon. (CVE-2022-28658)
Ransomware Hits American Healthcare Company Omnicell
USN-5426-1: needrestart vulnerability
Read Time:7 Second
Jakub Wilk discovered that needrestart incorrectly used some regular
expressions. A local attacker could possibly use this issue to execute
arbitrary code.
CVE-2020-4957
Read Time:9 Second
IBM Security Identity Governance and Intelligence 5.2.6 could disclose sensitive information in URL parameters that could aid in future attacks against the system. IBM X-Force ID: 192208.