Blender.io is the first crypto mixing service to be hit
Monthly Archives: May 2022
23 DevSecOps tools for baking security into the development process
Because of DevOps’ agile, continuous, and fast nature, building in security is essential, but many organizations struggle to do so. While that struggle is often a cultural lack of organizational priority, or even a process challenge, good tools can help enterprises to put the Sec in DevOps. These tools help keep security embedded within DevOps organizations by getting developers, operations teams, and security teams on the same page when it comes to managing risks.
The need for DevSecOps is growing, fueled by rapid expansion of custom code development. Emergen Research estimates the demand for DevSecOps tools will grow from $2.55 billion in 2020 to just over $23 billion by 2028. Below is a roundup of some of the most important tools in the core DevSecOps categories.
Security leaders chart new post-CISO career paths
Mike Engle started on the CISO career track early in his career, moving up to senior vice president of information and corporate security at Lehman Brothers in the early 2000s.
Engle says he thought the professional path was a good fit, explaining that he found security technologies, such as encryption, fascinating and the cat-and-mouse aspects of the work challenging.
“I liked that thrill of putting solutions in place that stop something bad from happening,” he adds.
But Engle says he didn’t like other aspects of his position, particularly the governance and regulatory requirement tasks that intensified following the 2002 passage of the Sarbanes-Oxley Act.
London Police Warn of Crypto Muggings – Report
US Government Offers $15m Reward for Info on Conti Actors
rsyslog-8.2204.0-1.fc37
FEDORA-2022-f2c4c83cc1
Packages in this update:
rsyslog-8.2204.0-1.fc37
Update description:
Automatic update for rsyslog-8.2204.0-1.fc37.
Changelog
* Mon May 9 2022 Attila Lakatos <alakatos@redhat.com> - 8.2204.0-1
- rebase to 8.2204.0
  resolves: rhbz#1951970
- CVE-2022-24903 rsyslog: Heap-based overflow in TCP syslog server
  resolves: rhbz#2082302
rsyslog-8.2204.0-1.fc36
FEDORA-2022-7988dad217
Packages in this update:
rsyslog-8.2204.0-1.fc36
Update description:
Rebase to 8.2204.0
Add patch to resolve potential heap buffer overflow, details: https://github.com/rsyslog/rsyslog/security/advisories/GHSA-ggw7-xr6h-mmr8
rsyslog-8.2204.0-1.fc35
FEDORA-2022-f796a28a7b
Packages in this update:
rsyslog-8.2204.0-1.fc35
Update description:
Rebase to 8.2204.0-1
Add patch resolving a potential heap buffer overflow, details: https://github.com/rsyslog/rsyslog/security/advisories/GHSA-ggw7-xr6h-mmr8
USN-5244-2: DBus vulnerability
USN-5244-1 fixed a vulnerability in DBus. This update provides
the corresponding update for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.
Original advisory details:
Daniel Onaca discovered that DBus contained a use-after-free vulnerability,
caused by the incorrect handling of usernames sharing the same UID. An
attacker could possibly use this issue to cause DBus to crash, resulting
in a denial of service.
ZDI-22-716: Zoom Client Link Following Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Zoom Client. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.