Sorting zero-trust hype from reality

Read Time:29 Second

It seems as if everyone is playing “buzzword bingo” when it comes to zero trust and its implementation, and it starts with government guidance. The White House’s comments in January on the Office of Management and Budget’s (OMB’s) Federal Zero Trust Strategy for all federal agencies and departments were both pragmatic and aspirational. Their observation, citing the Log4j vulnerability as an example, sums it up nicely: “The zero-trust strategy will enable agencies to more rapidly detect, isolate, and respond to these types of threats.”

To read this article in full, please click here

Read More

rubygem-puma-5.6.5-1.fc38

Read Time:26 Second

FEDORA-2022-7bc0f14a13

Packages in this update:

rubygem-puma-5.6.5-1.fc38

Update description:

Automatic update for rubygem-puma-5.6.5-1.fc38.

Changelog

* Thu Aug 25 2022 Vít Ondruch <vondruch@redhat.com> – 5.6.5-1
– Update to Puma 5.6.5.
Resolves: rhbz#2046576
Resolves: rhbz#2113697
Resolves: rhbz#2071625
Resovles: rhbz#2054212
* Sat Jul 23 2022 Fedora Release Engineering <releng@fedoraproject.org> – 5.5.2-3
– Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild

Read More

CVE-2021-41781

Read Time:10 Second

Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, allow attackers to trigger a use-after-free and execute arbitrary code because JavaScript is mishandled.

Read More

CVE-2021-41780

Read Time:10 Second

Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, allow attackers to trigger a use-after-free and execute arbitrary code because JavaScript is mishandled.

Read More

CVE-2021-40326

Read Time:12 Second

Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, mishandle hidden and incremental data in signed documents. An attacker can write to an arbitrary file, and display controlled contents, during signature verification.

Read More

A Vulnerability in Atlassian Bitbucket Server and Data Center Could Allow For Remote Code Execution

Read Time:21 Second

A Vulnerability has been discovered in Atlassian Bitbucket Server and Data Center which could allow for remote code execution. Bitbucket is a Git-based source code repository hosting service owned by Atlassian. Successful exploitation could allow the attacker to execute remote code in context of the application. Depending on the permission associated with the application running the exploit, an attacker could then install programs; view, change, or delete data.

Read More