FEDORA-2022-aa14d396dd
Packages in this update:
gnupg2-2.3.6-2.fc36
Update description:
Fix for CVE-2022-34903 (#2103242)
Hundreds of thousands of people who follow the official social media accounts of the British Army may have been surprised to see that they had been hijacked by hackers on Sunday.
Read more in my article on the Hot for Security blog.
Identity and access issues topped the list of concerns of IT pros in the Cloud Security Alliance’s annual Top Threats to Cloud Computing: The Pandemic 11 report released earlier this month. “Data breaches and data loss were the top concerns last year,” says CSA Global Vice President of Research John Yeoh. “This year, they weren’t even in the top 11.”
“What that tells me is the cloud customer is getting a lot smarter,” Yeoh continues. “They’re getting away from worrying about end results—a data breach or loss is an end result—and looking at the causes of those results (data access, misconfigurations, insecure applications) and taking control of them.”
Software firm Atlassian released emergency patches for its popular Confluence Server and Data Center products after reports came to light late last week that attackers were exploiting an unpatched vulnerability in the wild. According to data from Cloudflare’s web application firewall (WAF) service, the attacks started in late May.
The vulnerability, now tracked as CVE-2022-26134, is rated critical and allows unauthenticated attackers to gain remote code execution (RCE) on servers hosting the affected Confluence versions. The company urges customers to upgrade to the newly released versions 7.4.17, 7.13.7, 7.14.3, 7.15.2, 7.16.4, 7.17.4 and 7.18.1, depending on which release they use.
Vijay Bharati, CISO and senior vice president of cybersecurity practice at Happiest Minds Technologies, ranks among the few enterprise cybersecurity practitioners who handle both the overall cybersecurity business and internal security for the company.
Bharati has more than 22 years of experience across multiple domains such as identity and access management, data security, cloud security, and infrastructure security. Over the years, he has established trust and credibility with both external and internal stakeholders. In conversation with CSO India, Bharati talks about his experience working both internally and externally, how organisations can build cybersecurity from the ground up to minimize risks, and how India can bridge the security skills gap.
Multiple security issues were discovered in Thunderbird, which could
result in denial of service or the execution of arbitrary code.
Multiple vulnerabilities have been discovered in various image parsers in
Blender, a 3D modeller/renderer, which may result in denial of service
or the execution of arbitrary code if a malformed file is opened.