I disclosured a crash in potplayer last year : https://seclists.org/fulldisclosure/2021/Mar/76
And I found a new one this year, this time is a mid file. Again I contacted
Korea Internet & Security Agency(first-team () krcert or kr), they shared
report to the onwer of the potplayer, Kakao Corp as they said. But I did
not get any update after about half a year. So this is a 0day.
I cannot debug or get any useful information about the crash…
USN-5745-1 fixed vulnerabilities in shadow. Unfortunately that update
introduced a regression that caused useradd to behave incorrectly in Ubuntu
14.04 ESM, Ubuntu 16.04 ESM, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. This
update reverts the security fix pending further investigation.
We apologize for the inconvenience.
Original advisory details:
Florian Weimer discovered that shadow was not properly copying and removing
user directory trees, which could lead to a race condition. A local attacker
could possibly use this issue to setup a symlink attack and alter or remove
directories without authorization.
The package com.github.samtools:htsjdk before 3.0.1 are vulnerable to Creation of Temporary File in Directory with Insecure Permissions due to the createTempDir() function in util/IOUtil.java not checking for the existence of the temporary directory before attempting to create it.
A hacker has allegedly demanded Rs 200 crore in cryptocurrency from the All India Institute of Medical Science (AIIMS) after it was hit by a ransomware attack on November 23, according to a report by Press Trust of India (PTI).
The Delhi police, however, have denied the report. In a Tweet on Monday night, the law enforcement agency wrote, “Some sections of the press are reporting that ransom has been demanded against restoration of @aiims_newdelhi server. No such information brought to notice by AIIMS authorities.”
By: Mike Spanbauer, Field CTO, Security at Juniper Networks
The future of network security has a new shiny architecture to meet organizational needs with Secure Access Service Edge (SASE). Still, most network administrators are either not ready or able to decommission their existing on-premisessecurity solutions. Organizations are much more likely to need to support hybrid environments that require the support of on-premises capabilities and service-based offerings for the foreseeable future.
First, SASE is not a product but an architecture. You cannot just buy one off the shelf and plug it in. The fact is that most network decision-makers need to determine how to best leverage SASE to support the business. It is critical to engage with the ops team, as they are the most crucial stakeholder in this process, to ensure the network experience continuity is preserved. After all, this team must deploy and maintain both existing and new technologies to deliver business continuity to users and customers alike.
