CIS and AWS have produced one updated and one new CIS Benchmark to help them secure their AWS Cloud deployments.
Daily Archives: August 25, 2022
Microsoft Attributes New Post-Compromise Capability to Nobelium
MagicWeb improves on FoggyWeb by facilitating covert access directly via a malicious DLL
Talos Renews Cybersecurity Support For Ukraine on Independence Day
Cisco and Talos both have resources available to organizations in Ukraine in need of assistance
vim-9.0.246-1.fc35
FEDORA-2022-3b33d04743
Packages in this update:
vim-9.0.246-1.fc35
Update description:
Security fixes for CVE-2022-2946, CVE-2022-2923, CVE-2022-2845, CVE-2022-2889
Up to 35% more CVEs published so far this year compared to 2021
A new report from Trustwave SpiderLabs has revealed that the number of CVEs published so far this year could be as much as 35% higher than in the same period in 2021. The findings come from the security firm’s 2022 Telemetry Report. While organizations appear to be exhibiting greater awareness of effective patch management compared to last year, if current trends continue, the total number of CVEs published in 2022 will exceed that of 2021. The report also examined several high severity vulnerabilities and the extent to which they remain prevalent.
thunderbird-102.2.0-1.fc36
FEDORA-2022-33dd0f2f3e
Packages in this update:
thunderbird-102.2.0-1.fc36
Update description:
Update to 102.2.0 ;
https://www.mozilla.org/en-US/security/advisories/mfsa2022-36/
thunderbird-102.2.0-1.fc35
FEDORA-2022-ddee3eb27c
Packages in this update:
thunderbird-102.2.0-1.fc35
Update description:
Update to 102.2.0 ;
https://www.mozilla.org/en-US/security/advisories/mfsa2022-36/
CISA Releases Guidelines to Aid Companies Transition to Post-quantum Cryptography
The guide provides overview of potential impacts of quantum computing on National Critical Functions
DNS data indicates increased malicious domain activity, phishing toolkit reuse
New research from cybersecurity vendor Akamai has revealed that 12.3% of monitored devices communicated with domains associated with malware or ransomware at least once during the second quarter of 2022. This represented a 3% increase compared to Q1 2022, the firm stated, with phishing toolkits playing a key role in malicious domain-related activity. The findings are based on DNS data and Akamai’s visibility into carrier and enterprise traffic across different industries and geographies.
Increased malware, phishing, C2 domain activity detected in Q2 2022
In a blog post detailing its research, Akamai stated that, in addition to the devices it detected communicating with domains associated with malware/ransomware, a further 6.2% of devices accessed phishing domains with 0.8% accessing command-and-control (C2)-associated domains (both small increases on Q1 2022). “While this number might seem insignificant, the scale here is in the millions of devices,” the firm wrote. “When this is considered, with C2 being the most malignant of threats, this is not only significant, it’s cardinal.”
webkit2gtk3-2.36.7-1.fc35
FEDORA-2022-ddfeee50c9
Packages in this update:
webkit2gtk3-2.36.7-1.fc35
Update description:
Update to 2.36.7:
Fix several crashes and rendering issues.
Security fixes: CVE-2022-32793
Add provides for webkit2gtk4.0
webkit2gtk3 is getting renamed to webkit2gtk4.0 in F37+. Add provides for the new names to make it easier for other packages to depend on webkitgtk without having to conditionalize their spec files.