Read Time:8 Second
FEDORA-2022-456b252727
Packages in this update:
tor-0.4.7.8-1.fc36
Update description:
Fix for CVE-2022-33903 (bz#2099227 / bz#2099228 / bz#2099229)
Daily Archives: June 22, 2022
#InfosecurityEurope2022: Geopolitical Tensions a “Danger” to Cybersecurity
Read Time:4 Second
During a keynote talk, Mischa Glenny explained challenges geopolitical tensions create for cybersecurity
Israeli military personnel spied on via Strava fitness-tracking app
Read Time:14 Second
The Strava fitness-tracking app is being used to spy upon members of the Israeli military, tracking their movements at secret bases across the country and potentially even help observe their activities when they travel overseas.
Read more in my article on the Hot for Security blog.
CVE-2017-20084
Read Time:25 Second
A vulnerability has been found in JUNG Smart Visu Server 1.0.804/1.0.830/1.0.832 and classified as critical. Affected by this vulnerability is an unknown functionality of the component KNX Group Address. The manipulation leads to backdoor. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. Upgrading to version 1.0.900 is able to address this issue. It is recommended to upgrade the affected component.
CVE-2017-20083
Read Time:23 Second
A vulnerability, which was classified as critical, was found in JUNG Smart Visu Server 1.0.804/1.0.830/1.0.832. Affected is an unknown function of the component SSH Server. The manipulation leads to backdoor. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 1.0.900 is able to address this issue. It is recommended to upgrade the affected component.
CVE-2017-20082
Read Time:22 Second
A vulnerability, which was classified as problematic, has been found in JUNG Smart Visu Server 1.0.804/1.0.830/1.0.832. This issue affects some unknown processing. The manipulation leads to backdoor. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 1.0.900 is able to address this issue. It is recommended to upgrade the affected component.
Defending quantum-based data with quantum-level security: a UK trial looks to the future
Read Time:20 Second
British Telecom and Toshiba have launched a trial of what they say is the world’s first commercial quantum secured metro network (QSMN) that aims to securely encrypt valuable data and information over standard fibre optic links using quantum key distribution (QKD). The companies will operate the network for an initial period of up to three years.
To read this article in full, please click here
(Insider Story)
Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution
Read Time:31 Second
Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Google Chrome is a web browser used to access the Internet. Successful exploitation of the most severe of these vulnerabilities could allow an attacker to execute arbitrary code in the context of the applications. Depending on the privileges associated with the applications, an attacker could view, change, or delete data. If these applications have been configured to have fewer user rights on the system, exploitation of the most severe of these vulnerabilities could have less impact than if they were configured with administrative rights.
DSA-5167 firejail – security update
Read Time:7 Second
Matthias Gerstner discovered that the –join option of Firejail,
a sandbox to restrict an application environment, was susceptible
to local privilege escalation to root.
DSA-5168 chromium – security update
Read Time:7 Second
Multiple security issues were discovered in Chromium, which could result
in the execution of arbitrary code, denial of service or information
disclosure.