There are a large number of products that support WebAuthn and other standards in the FIDO Framework. Let’s examine some of these now.
Yearly Archives: 2022

USN-5686-2: Git vulnerability

USN-5686-1 fixed several vulnerabilities in Git. This update
provides the corresponding fix for CVE-2022-39260 on Ubuntu 16.04 ESM.

Original advisory details:

Kevin Backhouse discovered that Git incorrectly handled certain command
strings. An attacker could possibly use this issue to cause a crash or
arbitrary code execution.

Zeus Botnet Suspected Leader Arrested in Geneva

Vyacheslav Igorevich Penchukov was arrested in Geneva on October 23, 2022, and is now pending extradition to the US

USN-5732-1: Unbound vulnerability

It was discovered that Unbound incorrectly handled delegations with a large
number of non-responsive nameservers. A remote attacker could possibly use
this issue to cause Unbound to consume resources, leading to a denial of
service.

Security Budget Cuts and Recession Spark Worries Among IT Admins

The report suggests 44% agree their firm will cut security spending in the next year

Hundreds of Amazon RDS Snapshots Discovered Leaking Users’ Data

More Than Half of Black Friday Spam Emails Are Scams

New research analyzes email scam techniques in the build-up to this year’s Black Friday

USN-5731-1: multipath-tools vulnerabilities

It was discovered that multipath-tools incorrectly handled symlinks. A
local attacker could possibly use this issue, in combination with other
issues, to escalate privileges. This issue only affected Ubuntu 20.04 LTS,
Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2022-41973)

It was discovered that multipath-tools incorrectly handled access controls.
A local attacker could possibly use this issue, in combination with other
issues, to escalate privileges. (CVE-2022-41974)

USN-5730-1: WebKitGTK vulnerabilities

Several security issues were discovered in the WebKitGTK Web and JavaScript
engines. If a user were tricked into viewing a malicious website, a remote
attacker could exploit a variety of issues related to web browser security,
including cross-site scripting attacks, denial of service attacks, and
arbitrary code execution.

Cybersecurity Industry Must Maintain Public Faith in Technology, Says NCSC Founder

The NCSC’s founding CEO, Ciaran Martin, explains why the cyber industry is now a public good