It was discovered that the c_rehash script included in OpenSSL did not
sanitise shell metacharacters, which could result in the execution of
arbitrary commands.
Monthly Archives: June 2022
Multiple Vulnerabilities in WatchGuard Firebox and XTM appliances Could Allow for Remote Code Execution
Multiple vulnerabilities have been discovered in WatchGuard Firebox and XTM appliances, the most severe of which could allow for remote code execution. WatchGuard Firebox is a unified security platform that gives IT professionals the network visibility tools to ensure enterprise-grade security. Depending on the privileges associated with the applications, an attacker could view, change, or delete data.
golang-x-net-0-0.60.20200807gitab34263.el8 golang-x-text-0.3.7-1.el8
FEDORA-EPEL-2022-46b9d78e30
Packages in this update:
golang-x-net-0-0.60.20200807gitab34263.el8
golang-x-text-0.3.7-1.el8
Update description:
golang-x-text
Update to 0.3.7. Fixes rhbz#1945761.
Mitigate CVE-2021-38561 (rhbz#2100495).
golang-x-net
Rebuild to mitigate CVE-2021-38561 (rhbz#2100495).
Friday Squid Blogging: Squid Cubes
Researchers thaw squid frozen into a cube and often make interesting discoveries. (Okay, this is a weird story.)
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
Read my blog posting guidelines here.
#InfosecurityEurope2022: Preparing for Future Challenges and Opportunities
The closing keynote panel explored how we can anticipate the future of cybercrime
Mitek launches MiVIP platform to fight identity theft
A new easy-to-deploy identity platform was announced this week to help address growing concerns about identity theft. The Mitek Verified Identity Platform (MiVIP) melds the company’s mobile technologies with those of its recent acquisitions to give its customers flexible control over their consumers’ experiences.
With MiVIP, customers have the ability to orchestrate the full range of authentication technologies offered by Mitek, including biometrics, geolocation, politically exposed persons (PEPS) and sanctions, and bureau checks. Those technologies, together with those from recent acquisitions HooYu and ID R&D, enable MiVIP to address the security of the entire transaction lifecycle, according to Mitek.
Italian spyware firm is hacking into iOS and Android devices, Google says
RCS Lab spyware uses known exploits to install harmful payloads and steal private user data, according to a Google report.
#InfosecurityEurope2022: The Interactivity Between Nation-State Attackers and Organized Crime Gangs
Geoff White also touched upon the emerging world of cryptocurrency theft
Explore Cloud Security with CIS at AWS re:Inforce 2022
CIS Hardened Images can assist with your cloud security. That’s one of the messages we’re bringing to AWS re:Inforce 2022.
CVE-2013-1916
In WordPress Plugin User Photo 0.9.4, when a photo is uploaded, it is only partially validated and it is possible to upload a backdoor on the server hosting WordPress. This backdoor can be called (executed) even if the photo has not yet been approved.