The stuffing attack exposed customer information and allowed hackers to redeem rewards points
Monthly Archives: May 2022
7 machine identity management best practices
Machine identities are a large and fast-growing part of the enterprise attack surface. The number of machines—servers, devices, and services—is growing rapidly, and efforts to secure them often fall short.
Cybercriminals and other threat actors have been quick to take advantage. Cyberattacks that involved the misuse of machine identities increased by 1,600% over the last five years, according to a report released last spring by cybersecurity vendor Venafi.
Research firm Gartner named machine identity as one of the top cybersecurity trends of the year, in a report released last fall. In 2020, 50% of cloud security failures resulted from inadequate management of identities, access, and privileges, according to another Gartner report. In 2023, that percentage will rise to 75%.
ICO Fines Clearview AI £7.5m for Collecting UK Citizens’ Data
Clearview AI has also been ordered to delete existing data of UK residents from its systems
DSA-5145 lrzip – security update
Multiple vulnerabilities have been discovered in the lrzip compression
program which could result in denial of service or potentially the
execution of arbitrary code.
DSA-5146 puma – security update
Multiple security vulnerabilities were discovered in Puma, an HTTP server
for Ruby/Rack applications, which could result in HTTP request smuggling
or information disclosure.
USN-5438-1: HTMLDOC vulnerability
It was discovered that HTMLDOC did not properly manage memory under certain
circumstances. If a user were tricked into opening a specially crafted HTML
file, a remote attacker could possibly use this issue to cause HTMLDOC to
crash, resulting in a denial of service, or possibly execute arbitrary code.
python-jwt-2.4.0-1.fc36
FEDORA-2022-3cf456dc20
Packages in this update:
python-jwt-2.4.0-1.fc36
Update description:
Update to 2.4.0 to address CVE-2022-29217.
https://github.com/jpadilla/pyjwt/security/advisories/GHSA-ffqj-6fqr-9h24
python-jwt-2.4.0-1.el9
FEDORA-EPEL-2022-91e9137f63
Packages in this update:
python-jwt-2.4.0-1.el9
Update description:
Update to 2.4.0 to address CVE-2022-29217.
https://github.com/jpadilla/pyjwt/security/advisories/GHSA-ffqj-6fqr-9h24
python-jwt-2.4.0-1.fc35
FEDORA-2022-4ae9110f51
Packages in this update:
python-jwt-2.4.0-1.fc35
Update description:
Update to 2.4.0 to address CVE-2022-29217.
https://github.com/jpadilla/pyjwt/security/advisories/GHSA-ffqj-6fqr-9h24
USN-5437-1: libXfixes vulnerability
Tobias Stoeckmann discovered that libXfixes incorrectly handled certain
inputs. An attacker could possibly use this issue to cause a denial
of service, or possibly execute arbitrary code.