USN-5696-2: MySQL vulnerabilities

Read Time:30 Second

USN-5696-1 fixed several vulnerabilities in MySQL. This update provides
the corresponding update for Ubuntu 16.04 ESM.

Original advisory details:

Multiple security issues were discovered in MySQL and this update includes
new upstream MySQL versions to fix these issues.

MySQL has been updated to 5.7.40 in Ubuntu 16.04 ESM.

In addition to security fixes, the updated packages contain bug fixes, new
features, and possibly incompatible changes.

Please see the following for more information:

https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-40.html
https://www.oracle.com/security-alerts/cpuoct2022.html

Read More

USN-5702-1: curl vulnerabilities

Read Time:52 Second

Robby Simpson discovered that curl incorrectly handled certain POST
operations after PUT operations. This issue could cause applications using
curl to send the wrong data, perform incorrect memory operations, or crash.
(CVE-2022-32221)

Hiroki Kurosawa discovered that curl incorrectly handled parsing .netrc
files. If an attacker were able to provide a specially crafted .netrc file,
this issue could cause curl to crash, resulting in a denial of service.
This issue only affected Ubuntu 22.10. (CVE-2022-35260)

It was discovered that curl incorrectly handled certain HTTP proxy return
codes. A remote attacker could use this issue to cause curl to crash,
resulting in a denial of service, or possibly execute arbitrary code. This
issue only affected Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2022-42915)

Hiroki Kurosawa discovered that curl incorrectly handled HSTS support
when certain hostnames included IDN characters. A remote attacker could
possibly use this issue to cause curl to use unencrypted connections. This
issue only affected Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2022-42916)

Read More

Microsoft Event Log vulnerabilities threaten some Windows operating systems

Read Time:36 Second

A pair of newly discovered vulnerabilities have highlighted the ongoing risks posed by Internet Explorer’s (IE) deep integration into the Windows ecosystem, despite Microsoft ending support for IE in June 2022.

Discovered by the Varonis Threat Labs team, the exploits affect an IE-specific Event Log that is present on all current Windows operating systems up to, but not including, Windows 11. The vulnerabilities, dubbed LogCrusher and OverLog by the researchers, have been reported to Microsoft, which released a partial patch on October 11, 2022. Teams are urged to patch systems and monitor suspicious activity to mitigate security risks which include event log crashing and remote denial-of-service (DoS) attacks.

To read this article in full, please click here

Read More

For some, accounting is more than just spreadsheets! Vernon’s McAfee Journey

Read Time:2 Minute, 6 Second

Vernon has been our Manager of Technical Accounting for more than two years, but that doesn’t mean he’s buried in spreadsheets and numbers all day. He’s a part of our team of experts for the complex, technical accounting projects that pop up.

My McAfee career journey story

It’s been an amazing ride so far. My team touches on several areas of responsibility, including financial period closing, financial reporting, and accounting for complex transactions.

​​​​​​​The most rewarding part of my role is definitely the variety and complexity – they really go hand-in-hand and I enjoy asking questions and figuring out the solutions, even when there is not always a textbook answer. I enjoy the challenge of working collectively with a team to find solutions by applying research and experience to a set of facts.

It’s also rewarding to be able to collaborate with auditors and other stakeholders who would be interested in the results.

Talent and collaboration – a rare combo

​​​​​​​My favorite thing about working at McAfee is the team. We have an amazing team. It’s full of really smart people. I’ve seen some companies try and find the best talent they can, but McAfee has just taken that to a whole different level. Everyone in their respective areas is really tuned in to the broader effort and we work well together. At McAfee, we enjoy both a high level of talent and collaborative effort. You don’t often find both in the same place. ​​​​​​​

My leadership philosophy

I really believe that each person brings certain strengths to the table, and they should be able to exercise those strengths to develop and expand their capabilities. Once those natural roles are established, it’s best to trust them to determine how best to perform in their roles and collaborate with the team in achieving results that add value to the broader group.

My advice for anyone looking to drive their career forward is

​​​​​​​First, expect the unexpected – consider each new experience an opportunity for personal growth.

Secondly, get involved in projects. If you have the opportunity to do something different or work with a cross-functional team, do it. It builds your own skill base, which opens the door for greater future opportunities and you get to meet people outside of your own department and develop relationships that may prove valuable over time.

The post For some, accounting is more than just spreadsheets! Vernon’s McAfee Journey appeared first on McAfee Blog.

Read More