Ukrainian targets are on the receiving end of RansomBoggs variant
Yearly Archives: 2022
Top 7 CIAM tools
Customer identity and access management (CIAM), a subset of identity access management (IAM), is used to manage authentication and authorization of account creation and login process for public facing applications. To helps organizations compare their needs against the options in the market, CSO prepared a list with the top seven vendors in the market.
To decide for the right CIAM product, organizations must balance the ease of the login experience with a kaleidoscope of business goals for how customers sign-in and leverage their accounts. Marketers want to collect data about customers and their devices. Privacy officers want to ensure the data collection process is fully compliant with privacy regulations. And security and risk professionals want to ensure the integrity of accounts and minimize fraudulent usages of customer credentials.
Here is why you should have Cobalt Strike detection in place
Google recently released a list of YARA detection rules for malicious variants of the legitimate Cobalt Strike penetration testing framework that are being used by hackers in the wild. Cobalt Strike is a commercial attack framework designed for red teams that has also been adopted by many threat actors, from APT groups to ransomware gangs and other cybercriminals.
Living off the land is a common tactic
The abuse by attackers of system administration, forensic, or security tools that are either already installed on systems or can be easily deployed without raising suspicion has become extremely common. The use of this tactic, known as living off the land (LOTL), used to be a telltale sign of sophisticated cyberespionage groups who moved laterally through environments using manual hacking and placed great value on stealth.
African Police Bust $800K Fraud Schemes
USN-5744-1: libICE vulnerability
It was discovered that libICE was using a weak mechanism to generate the
session cookies. A local attacker could possibly use this issue to perform
a privilege escalation attack.
slurm-22.05.6-1.fc38
FEDORA-2022-6a9dc1d46b
Packages in this update:
slurm-22.05.6-1.fc38
Update description:
Automatic update for slurm-22.05.6-1.fc38.
Changelog
* Sun Nov 27 2022 Philip Kovacs <pkfed@fedoraproject.org> – 22.05.6-1
– Update to 22.05.6 (#2131112)
– Update deprecated vars in slurm.conf (#2133159)
* Tue Sep 6 2022 Philip Kovacs <pkfed@fedoraproject.org> – 22.05.3-2
– Add slurm to epel9 (#2072632); update spec for epel 7/8/9
– Use * Mon Nov 28 2022 Fedora Project – 22.05.6-1.fc38
– local build macro; add changelog file
* Mon Sep 5 2022 Philip Kovacs <pkfed@fedoraproject.org> – 22.05.3-1
– Update to 22.05.3
– Thanks Cristian Le (fedora@lecris.me) for his contributions
* Sat Jul 23 2022 Fedora Release Engineering <releng@fedoraproject.org> – 21.08.8-4
– Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Mon May 30 2022 Jitka Plesnikova <jplesnik@redhat.com> – 21.08.8-3
– Perl 5.36 rebuild
* Mon May 9 2022 Philip Kovacs <pkfed@fedoraproject.org> – 21.08.8-2
– Update to 21.08.8-2 (upstream re-release)
* Thu May 5 2022 Carl George <carl@george.computer> – 21.08.8-1
– Update to 21.08.8, resolves: rhbz#2082276
– Fix CVE-2022-29500, resolves: rhbz#2082286
– Fix CVE-2022-29501, resolves: rhbz#2082289
– Fix CVE-2022-29502, resolves: rhbz#2082293
* Sat Apr 2 2022 Philip Kovacs <pkfed@fedoraproject.org> – 21.08.6-1
– Update to 21.08.6
* Sat Jan 22 2022 Fedora Release Engineering <releng@fedoraproject.org> – 21.08.5-2
– Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Fri Jan 14 2022 Philip Kovacs <pkfed@fedoraproject.org> – 21.08.5-1
– Update to 21.08.5
* Sun Nov 21 2021 Orion Poplawski <orion@nwra.com> – 21.08.4-2
– Rebuild for hdf5 1.12.1
* Wed Nov 17 2021 Philip Kovacs <pkfed@fedoraproject.org> – 21.08.4-1
– Update to 21.08.4
– Closes security issue CVE-2021-43337
* Sun Oct 31 2021 Philip Kovacs <pkfed@fedoraproject.org> – 21.08.2-2
– Correct log rotation problems (#2016683, #2018508)
* Fri Oct 8 2021 Philip Kovacs <pkfed@fedoraproject.org> – 21.08.2-1
– Update to 21.08.2
– Added Fedora patches to support pmix v4
– Remove slurm-pmi(-devel) subpackages
* Tue Aug 10 2021 Orion Poplawski <orion@nwra.com> – 20.11.8-4
– Rebuild for hdf5 1.10.7
* Fri Jul 23 2021 Fedora Release Engineering <releng@fedoraproject.org> – 20.11.8-3
– Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Sat Jul 10 2021 Björn Esser <besser82@fedoraproject.org> – 20.11.8-2
– Rebuild for versioned symbols in json-c
* Sat Jul 3 2021 Philip Kovacs <pkfed@fedoraproject.org> – 20.11.8-1
– Update to 20.11.8
* Tue May 25 2021 Jitka Plesnikova <jplesnik@redhat.com> – 20.11.7-4
– Perl 5.34 re-rebuild updated packages
* Mon May 24 2021 Philip Kovacs <pkfed@fedoraproject.org> – 20.11.7-3
– Move auth_jwt.so plugin to base package (#1947878)
* Fri May 21 2021 Jitka Plesnikova <jplesnik@redhat.com> – 20.11.7-2
– Perl 5.34 rebuild
* Sat May 15 2021 Philip Kovacs <pkfed@fedoraproject.org> – 20.11.7-1
– Update to 20.11.7
– Closes security issue CVE-2021-31215
* Tue May 4 2021 Philip Kovacs <pkfed@fedoraproject.org> – 20.11.6-1
– Release of 20.11.6
* Mon Apr 12 2021 Philip Kovacs <pkfed@fedoraproject.org> – 20.11.5-2
– Add subpackage slurm-slurmrestd (Slurm REST API daemon)
* Fri Mar 26 2021 Philip Kovacs <pkfed@fedoraproject.org> – 20.11.5-1
– Release of 20.11.5
* Tue Mar 2 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> – 20.11.3-3
– Rebuilt for updated systemd-rpm-macros
See https://pagure.io/fesco/issue/2583.
* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> – 20.11.3-2
– Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Tue Jan 19 2021 Philip Kovacs <pkfed@fedoraproject.org> – 20.11.3-1
– Release of 20.11.3
* Wed Jan 6 2021 Philip Kovacs <pkfed@fedoraproject.org> – 20.11.2-2
– Minor spec adjustments
* Tue Jan 5 2021 Philip Kovacs <pkfed@fedoraproject.org> – 20.11.2-1
– Release of 20.11.2
DSA-5291 mujs – security update
Multiple security issues were discovered in MuJS, a lightweight
JavaScript interpreter, which could result in denial of service
and potentially the execution of arbitrary code.
DSA-5290 commons-configuration2 – security update
Apache Commons Configuration, a Java library providing a generic configuration
interface, performs variable interpolation, allowing properties to be
dynamically evaluated and expanded. Starting with version 2.4 and continuing
through 2.7, the set of default Lookup instances included interpolators that
could result in arbitrary code execution or contact with remote servers. These
lookups are: – script – execute expressions using the JVM script execution
engine (javax.script) – dns – resolve dns records – url – load values from
urls, including from remote server applications using the interpolation
defaults in the affected versions may be vulnerable to remote code execution or
unintentional contact with remote servers if untrusted configuration values are
used.
DSA-5289 chromium – security update
Multiple security issues were discovered in Chromium, which could result
in the execution of arbitrary code.
CVE-2022-24999 (express, qs)
qs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application because an __ proto__ key can be used. In many typical Express use cases, an unauthenticated remote attacker can place the attack payload in the query string of the URL that is used to visit the application, such as a[__proto__]=b&a[__proto__]&a[length]=100000000. The fix was backported to qs 6.9.7, 6.8.3, 6.7.3, 6.6.1, 6.5.3, 6.4.1, 6.3.3, and 6.2.4 (and therefore Express 4.17.3, which has “deps: qs@6.9.7” in its release description, is not vulnerable).