An infinite loop flaw was found in the USB xHCI controller emulation of QEMU while computing the length of the Transfer Request Block (TRB) Ring. This flaw allows a privileged guest user to hang the QEMU process on the host, resulting in a denial of service.
Daily Archives: August 17, 2022
java-1.8.0-openjdk-aarch32-1.8.0.345.b01-1.fc35.1
FEDORA-2022-29943d5ec5
Packages in this update:
java-1.8.0-openjdk-aarch32-1.8.0.345.b01-1.fc35.1
Update description:
8u345 update
java-1.8.0-openjdk-aarch32-1.8.0.345.b01-1.fc36.1
FEDORA-2022-bada1dbc10
Packages in this update:
java-1.8.0-openjdk-aarch32-1.8.0.345.b01-1.fc36.1
Update description:
8u345 update
New Deep Instinct partner program targets MSSPs fighting ransomware
Cybersecurity firm Deep Instinct has rolled out a new partner program to provide its endpoint and application protection software to managed security service providers (MSSPs), the company announced Wednesday.
The Stratosphere program was initially announced in April, and designed as a simplified channel program that focuses on expected partner margins, instead of set discounts on the product. Volume-based recognition and “medallion tiers” for sales are out. Instead, the company is offering “loyalty points” for achieving a range of different sales-related goals—like creating leads, getting customers certified, or completing business plans.
Universal database of device vulnerability information launched
A universal database of agentless devices currently being used on enterprise networks has been announced by DeviceTotal. The new repository allows the company’s customers to identify the accurate security posture for each device in their organization, according to the maker of a security platform for connected devices.
“It’s difficult to get information on agentless devices because every vendor publishes their data the way they want to do it,” explains DeviceTotal founder and CEO Carmit Yadin. “There’s no standardization. There’s no one place you can go today and identify the risk of a device on your network or that you want to purchase. That’s why we created this repository.”
A Parent’s Guide To The Metaverse – Part One
We’ve all heard about the Metaverse. And there’s no doubt it has certainly captured the attention of the world’s biggest companies: Facebook has changed its name to Meta, Hyundai has partnered up with Roblox to offer virtual test drives, Nike has bought a virtual shoe company and Coca-Cola is selling NFT’s there too. (Non-Fungible Tokens – think digital assets).
But if you are confused about exactly what this all means and most importantly, what the metaverse actually is, then you are not alone. I’m putting together a 2-part series for parents that will help us get a handle on exactly what this new digital frontier promises and what we need to know to keep our kids safe. It will also ensure we don’t feel like dinosaurs! So, let’s get started.
What is this Metaverse?
I think the best way of describing the Metaverse is that it’s a network of online 3D virtual worlds that mimic the real world. Once users have chosen their digital avatar, they can meet people, play games, do business, design fashion items, buy real estate, attend events, earn money, rear a pet – in fact, almost anything they can do in the ‘real’ world! And of course, all transactions are via cryptocurrencies.
If you are an avid Science Fiction reader, then you may have already come across the term in the 1992 novel ‘Snow Crash’ by Neal Stephenson. In the book, Stephenson envisions a virtual reality-based evolution of the internet in which his characters use digital avatars of themselves to explore the online world. Sounds eerily familiar, doesn’t it?
Still confused? Check out either the book or Steven Spielberg’s movie adaption of Ernest Cline’s Ready Player One. Set in 2045, the book tells the story of people living in a war-ravaged world on the brink of collapse who turn to OASIS, a massively multiplayer online simulation game that has its own virtual world and currency. In the OASIS, they engage with each other, shop, play games and be transported to different locations.
How Do You Access The Metaverse?
The best and most immersive way to access the metaverse is using a Virtual Reality (VR) headset and your internet connection, of course. VR headsets completely take over users’ vision and replace the outside world with a virtual one. Now, this maybe a game or a movie but VR headsets have their own set of apps which once downloaded, allows users to meditate, learn piano, work out at the gym or even attend a live concert in the metaverse!
Now access to the Metaverse is not just limited to those who own expensive headsets. Anyone with a computer or a smartphone (that is internet connected) can also have a metaverse experience. Of course, it won’t be as intense or immersive as the VR headset experience but it’s still a commonly used route to access the metaverse. Some of these ‘worlds’ suggest users can access their world using smartphones however experienced users don’t think this is a good idea as phones don’t have the necessary computational power to explore the metaverse properly.
As some of the most popular metaverse worlds can be accessed using your computer, why not check out Decentraland, The Sandbox, Somnium or even Second Life. In most of these worlds, users don’t have to create an account or spend money to start exploring however if you want the full experience then you’ll need to do so.
How Much Does It Cost?
Entering the metaverse doesn’t cost anything, just like going on the internet doesn’t cost anything – apart from your internet connection and hardware, of course! And don’t forget that if you want a truly immersive 3D experience, then you might want to consider investing in a VR headset.
But, if you do want to access some of the features of the metaverse and invest in some virtual real estate or perhaps buy yourself a Gucci handbag, then you will need to put your hand into your virtual pocket and spend some of your virtual dollars. But the currency you will need depends entirely on the metaverse you are in.
Decentraland’s currency MANA is considered to be the most commonly used currency in the metaverse and also one of the best to invest in, according to some experts. MANA can be used to buy land, purchase avatars, names, wearables, and other items in the Decentraland marketplace.
The Sandbox has a different currency, SAND, which is also used to buy items from The Sandbox marketplace. This is the second most popular currency however be prepared to buy the currency of the world you choose to spend your time in.
Now, I totally appreciate that the whole concept of the Metaverse is a lot to get your head around. But if you have a tribe of kids, then chances are they are going to want to be part of it so don’t put it in the too-hard basket. Take some time to get your head around it: do some more reading, talk to your friends about it and check out some of the metaverses that you can access from your PC. Nothing beats experiencing it for yourself!
In Part 2, I will be sharing my top tips and strategies to help us, parents, successfully guide our kids through the challenges and risks of the metaverse. So watch out for that.
Till, next time – keep researching!
Alex x
The post A Parent’s Guide To The Metaverse – Part One appeared first on McAfee Blog.
CISA Warns of Hackers Exploiting Multiple Vulnerabilities in the Zimbra Collaboration Suite
The advisory was compiled by CISA with the Multi-State Information Sharing & Analysis Center
RubyGems Mandates MFA for Top-100 Package Maintainers
The package manager started enforcing MFA on owners of gems with over 180 million total downloads
Organizations Struggle to Fend Off Cloud and Web Attacks
The study queries more than 950 IT and security professionals across the Americas, EMEA and APAC
Google updates Chronicle with enhanced threat detection
Google Cloud Wednesday announced the general availability of what it calls “curated detection” for its Chronicle security analysis platform. The new detection feature leverages the threat intelligence that Google gains from protecting its own user base into an automated detection service that covers everything from ransomware, infostealers and data theft to simple misconfigured systems and remote access tools.
The new product will integrate authoritative data sources like MITRE ATT&CK to help organizations contextualize and better understand potential threats, as well as providing constantly updated threat information from Google’s own security team.