Read Time:9 Second
FEDORA-2022-90162a1d88
Packages in this update:
kernel-6.0.15-300.fc37
Update description:
The 6.0.15 stable kernel update contains a number of important fixes across the tree.
Daily Archives: December 21, 2022
CVE-2020-36623
Read Time:20 Second
A vulnerability was found in Pengu. It has been declared as problematic. Affected by this vulnerability is the function runApp of the file src/index.js. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The name of the patch is aea66f12b8cdfc3c8c50ad6a9c89d8307e9d0a91. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216475.
CVE-2020-36622
Read Time:18 Second
A vulnerability was found in sah-comp bienlein and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The name of the patch is d7836a4f2b241e4745ede194f0f6fb47199cab6b. It is recommended to apply a patch to fix this issue. The identifier VDB-216473 was assigned to this vulnerability.
CVE-2020-36621
Read Time:21 Second
A vulnerability, which was classified as problematic, has been found in chedabob whatismyudid. Affected by this issue is the function exports.enrollment of the file routes/mobileconfig.js. The manipulation leads to cross site scripting. The attack may be launched remotely. The name of the patch is bb33d4325fba80e7ea68b79121dba025caf6f45f. It is recommended to apply a patch to fix this issue. VDB-216470 is the identifier assigned to this vulnerability.
CVE-2020-36620
Read Time:21 Second
A vulnerability was found in Brondahl EnumStringValues 4.0.1. It has been declared as problematic. This vulnerability affects the function GetStringValuesWithPreferences_Uncache of the file EnumStringValues/EnumExtensions.cs. The manipulation leads to resource consumption. Upgrading to version 4.0.2 is able to address this issue. The name of the patch is c0fc7806beb24883cc2f9543ebc50c0820297307. It is recommended to upgrade the affected component. VDB-216466 is the identifier assigned to this vulnerability.
Cyber-Incident Causes System Failures at Canadian Children’s Hospital
Read Time:6 Second
The ongoing incident has impacted clinical and corporate systems, as well as some hospital phone lines and webpages
BrandPost: The Next Big Attack Vector: Your Supply Chain
Read Time:1 Minute, 3 Second
There’s an old security adage: a chain is only as strong as its weakest link. The sentiment long predates Information and Communications Technology (ICT), but it’s never been more relevant. With modern ICT connecting millions of systems worldwide, there are exponentially more “links” to worry about. That’s especially true when we shift our focus from defending against external threats, which organizations have gotten pretty good at, to those originating inside an organization’s sphere of trust. Here, we have work to do — starting with the ICT supply chain itself.
Today’s supply chains are a modern marvel. Vast webs of suppliers, manufacturers, integrators, shipping carriers, and others allow vendors to build ICT products more cost-effectively and to quickly deliver them to customers anywhere. But modern supply chains also increase the number of parties with access to those products — and the number of potential weak links that cybercriminals could seek to exploit. By targeting an organization’s hardware or software supply chain, hackers can compromise an ICT product before it’s even deployed. And, since that product is coming from a supplier the target implicitly trusts, the compromise may go undetected until it’s too late.
curl-7.85.0-5.fc37
Read Time:12 Second
FEDORA-2022-d7ee33d4ad
Packages in this update:
curl-7.85.0-5.fc37
Update description:
smb/telnet: fix use-after-free when HTTP proxy denies tunnel (CVE-2022-43552)
http: use the IDN decoded name in HSTS checks (CVE-2022-43551)
curl-7.82.0-12.fc36
Read Time:12 Second
FEDORA-2022-9836111c44
Packages in this update:
curl-7.82.0-12.fc36
Update description:
smb/telnet: fix use-after-free when HTTP proxy denies tunnel (CVE-2022-43552)
http: use the IDN decoded name in HSTS checks (CVE-2022-43551)
US Most Impacted by Data Breaches in the Financial Industry in 2022
Read Time:8 Second
While 57% of these breaches were attributed to different types of malware, ATM skimming still accounted for 6.5% of all attacks targeting the financial sector