FEDORA-EPEL-2022-73672e02b0
Packages in this update:
java-latest-openjdk-18.0.2.0.9-1.rolling.el8
Update description:
July CPU update
Windows users are once again being told to update their systems with the latest security patches from Microsoft, following the discovery of critical vulnerabilities – including ones which are already being exploited in the wild, or could be used to fuel a fast-spreading worm.
Read more in my article on the Hot for Security blog.
python3.11-3.11.0~rc2-1.fc36
Update Python to 3.11.0rc2. Contains security fix for CVE-2020-10735 and other bugfixes, see https://docs.python.org/3.11/whatsnew/changelog.html#python-3-11-0-release-candidate-2
This blog was written by an independent guest blogger.
Blockchain technology has grown in popularity in recent years. Beyond its initial application in cryptocurrency, it is now being used in property, healthcare, smart contracts and many other fields.
The technology collects and stores information in groupings referred to as “blocks”, and every block holds a set quantity of data. Once a block is full, it is chained to the previous full block, forming a chain of data, hence the name “blockchain”.
Blockchain is based on the concepts of consensus, decentralization and cryptography to ensure trust in transactions. However, several blockchain security problems have arisen due to faulty technology implementation.
To further explain blockchain security, it is necessary to first grasp the difference between public and private blockchain security. Blockchain networks can differ in terms of participation and data access capabilities. As a result, blockchain networks are labeled in two ways: public and private.
• Public blockchain networks are open and may allow any user to join while maintaining participant anonymity.
• In private blockchain networks, identity is used to verify membership and access privileges. They also only allow known organizations to participate.
Many people are right when they believe blockchain is inherently secure. Blockchain is certainly beneficial to organizations, but it has significant drawbacks because of specific security issues.
Here are the top 8 blockchain security issues and their solutions.
1. Sybil attack
In a Sybil attack, hackers generate many fake network nodes. Using those nodes, the hacker can acquire majority consensus and disrupt the chain’s transactions. As a result, a large-scale Sybil attack is nothing more than a 51% attack.
To prevent Sybil attacks:
• Use acceptable consensus algorithms.
• Monitor other nodes’ behavior and check for nodes that are only forwarding blocks from one user.
While these algorithms might not fully prevent these attacks, they create a lot of hurdles and make it almost impossible for hackers to carry out attacks.
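The monitoring check from the list above, as an added example that is not part of the original article: it flags peers whose relayed blocks come almost entirely from one origin, then groups them to show several peers fronting for the same origin. The log format, the `block_origin` field, the peer names and the thresholds are all assumptions made for illustration.

```python
from collections import Counter, defaultdict

# Constructed sample log of (relaying_peer, block_origin) pairs. "block_origin"
# is an assumed field: whatever identity your node records for a block's producer.
OBSERVATIONS = (
    [("peer-a", m) for m in ("miner-1", "miner-2", "miner-3", "miner-1", "miner-2", "miner-4")]
    + [(p, "miner-x") for p in ("peer-b", "peer-c", "peer-d") for _ in range(6)]
    + [("peer-e", "miner-x")] * 2  # too few blocks to judge
    + [("peer-f", "miner-1")] * 9 + [("peer-f", "miner-2")]
)


def single_source_relays(observations, min_blocks=5, min_share=0.9):
    """Return {peer: (origin, share)} for peers relaying almost only one origin."""
    per_peer = defaultdict(Counter)
    for peer, origin in observations:
        per_peer[peer][origin] += 1

    flagged = {}
    for peer, origins in per_peer.items():
        total = sum(origins.values())
        if total < min_blocks:
            continue  # not enough evidence; avoids flagging newly seen peers
        origin, count = origins.most_common(1)[0]
        share = count / total
        if share >= min_share:
            flagged[peer] = (origin, round(share, 2))
    return flagged


def sybil_clusters(flagged, min_peers=2):
    """Group flagged peers by the origin they serve.

    One peer relaying a single origin may be benign; several distinct peers
    all fronting for the same origin is the pattern worth investigating.
    """
    clusters = defaultdict(list)
    for peer, (origin, _share) in flagged.items():
        clusters[origin].append(peer)
    return {o: sorted(p) for o, p in clusters.items() if len(p) >= min_peers}


if __name__ == "__main__":
    flagged = single_source_relays(OBSERVATIONS)
    print("single-source peers:", flagged)
    print("clusters:", sybil_clusters(flagged))
```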
The vulnerability of blockchain endpoints is another vital concern in blockchain security.
The blockchain network’s endpoint is where users interact with the blockchain: on electronic devices such as computers and mobile phones. Hackers can observe user behavior and target devices to steal the user’s key. This might be one of the most visible blockchain security problems.
To prevent endpoint vulnerabilities:
• Do not save blockchain keys on your laptop or mobile as text files.
• Download and install antivirus software for your electronic devices.
• Review the system often, keeping track of the time, location, and device access.
A 51% attack occurs when one individual or organization (malicious hackers) collects more than half the hash rate and seizes control of the whole system, which might be disastrous. Hackers can modify the order of transactions and prevent them from being confirmed. They can even reverse previously completed transactions, leading to double spending.
To prevent 51% attacks:
• Ensure that the hash rate is higher.
• Improve your mining pool monitoring.
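One way to approach mining pool monitoring, as an added example that is not part of the original article: it estimates each pool's share of the hash rate from who mined the blocks in a sliding window and records an alert when a pool approaches or exceeds half. The pool labels, window size and thresholds are assumptions, and the chain is constructed sample data.

```python
from collections import Counter, deque

# Constructed sample: the pool credited with each block, in height order.
# Four pools rotate evenly, then pool "A" mines eight blocks in a row.
CHAIN = ["A", "B", "C", "D"] * 5 + ["A"] * 8


def pool_share_alerts(block_miners, window=20, warn=0.40, critical=0.50):
    """Return [(height, pool, share, level)] each time a pool changes alert level.

    A pool's share of the last `window` blocks is used as an estimate of its
    share of the network hash rate. "warn" means share >= warn; "critical"
    means share > critical, i.e. the pool holds a majority of the window.
    """
    recent = deque(maxlen=window)
    counts = Counter()
    level_of = {}  # last reported level per pool, to avoid repeating alerts
    alerts = []

    for height, pool in enumerate(block_miners):
        if len(recent) == window:
            counts[recent[0]] -= 1  # oldest block is about to leave the window
        recent.append(pool)
        counts[pool] += 1
        if len(recent) < window:
            continue  # wait for a full window before estimating shares

        for name, n in counts.items():
            share = n / window
            if share > critical:
                level = "critical"
            elif share >= warn:
                level = "warn"
            else:
                level = None
            if level != level_of.get(name):
                level_of[name] = level
                if level:
                    alerts.append((height, name, share, level))
    return alerts


if __name__ == "__main__":
    for alert in pool_share_alerts(CHAIN):
        print(alert)
```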
The hacker’s goal in a phishing attack is to steal the user’s credentials. They may send legitimate-looking emails to the owner of the wallet key. The user is asked to enter login details via an attached fake hyperlink. Access to a user’s credentials and other sensitive information might lead to damages for both the user and the blockchain network. They are also vulnerable to follow-up attacks.
To prevent phishing attacks:
• Improve browser security by installing a verified add-on or extension to notify you about unsafe websites.
• Improve device security by installing malicious link detection software as well as dependable antivirus software.
• Reconfirm with support or the partner if you receive an email requesting login details regarding an issue.
• Don’t click on links until you’ve thoroughly reviewed them. Rather than clicking on the links, enter the address into your browser’s private tab.
• Avoid open or public café Wi-Fi networks.
• Confirm your system and software are up to date.
A blockchain network and application rely on the real-time movement of massive amounts of data. Hackers can use an account’s anonymity to intercept data as it is being transmitted to internet service providers.
In the case of a routing attack, blockchain participants are usually unaware of the threat because data transmission and operations proceed as usual. The danger is that these attacks will frequently expose confidential data or extract currency without the user’s knowledge.
To prevent routing attacks:
• Use encryption.
• Implement secure routing protocols (with certificates).
• Change passwords regularly; use strong passwords.
• Educate yourself and your workers about the risks associated with information security.
The private key or seed phrase is the main key to your funds. If your private key is weak, it can be easy for a hacker to guess. This means that they could gain access to your funds.
Private keys should be kept secret and strong enough that they can’t be easily guessed.
Blockchain technology is still in its infancy and so has scalability problems. This means that the network can only handle a limited number of transactions at any given time. There are multiple offline solutions (L2s) and sidechains which you can use to avoid scalability issues.
Another security problem facing blockchain technology is the danger of malicious nodes. This happens when a bad actor joins the network and tries to disrupt it. They may do this by flooding the network with transactions or attempting to reverse valid transactions.
Although blockchain has many security vulnerabilities, cybersecurity professionals can do a lot to remove or mitigate these problems. IT specialists with proper analytical and technical skills are well-positioned to deploy blockchain most securely. But it’s always good to have information about different attacks and the prevention techniques to secure your assets.
Many firms are still firmly in an Active Directory (AD) world. They may have moved some applications to the cloud, but key line-of-business applications still use AD. Do you remember the last time you reviewed your Active Directory security posture? Microsoft has not kept its Best Practices for Securing Active Directory web page up to date, as parts of it carry warnings that they haven’t been updated since 2013. Fortunately, other resources are available for those in need of guidance in protecting and hardening AD. Here are some of the sites that I follow and that provide excellent guidance:
freeipa-4.10.0-6.fc37
samba-4.17.0-1.fc37
Update to version 4.17.0
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected D-Link DIR-2150 routers. Authentication is not required to exploit this vulnerability.