Read Time:6 Second
FEDORA-2022-18e14f460c
Packages in this update:
openexr-3.1.4-1.fc36
Update description:
New upstream release 3.1.4
Yearly Archives: 2022
openexr-3.1.4-1.fc35
Read Time:6 Second
FEDORA-2022-5cdfa7faa5
Packages in this update:
openexr-3.1.4-1.fc35
Update description:
New upstream release 3.1.4
HackerOne calls for end of security by obscurity
Read Time:24 Second
HackerOne, a bug bounty platform provider, offered a blueprint for greater corporate security responsibility and called for a shift from secrecy to transparency when dealing with vulnerabilities in a report released Thursday.
Organizations are increasingly scrutinizing the practices of their suppliers, basing procurement decisions on security credentials and switching suppliers should the company have experienced a security incident, the report noted. Demonstrating secure best practices is now a competitive differentiator.
USN-5320-1: Expat vulnerabilities and regression
Read Time:47 Second
USN-5288-1 fixed several vulnerabilities in Expat. For CVE-2022-25236 it
caused a regression and an additional patch was required. This update address
this regression and several other vulnerabilities.
It was discovered that Expat incorrectly handled certain files.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2022-25313)
It was discovered that Expat incorrectly handled certain files.
An attacker could possibly use this issue to cause a crash
or execute arbitrary code. This issue only affected Ubuntu 18.04 LTS,
Ubuntu 20.04 LTS, and Ubuntu 21.10. (CVE-2022-25314)
It was discovered that Expat incorrectly handled certain files.
An attacker could possibly use this issue to cause a crash or execute
arbitrary code. (CVE-2022-25315)
Original advisory details:
It was discovered that Expat incorrectly handled certain files.
An attacker could possibly use this issue to cause a crash or
execute arbitrary code. (CVE-2022-25236)
Dirty Pipe root Linux vulnerability can also impact containers
Read Time:31 Second
The dangerous Linux privilege escalation flaw dubbed Dirty Pipe that was recently disclosed could also impact applications and systems that use containerization through tools such as Docker, researchers warn. This follows a different privilege escalation vulnerability that was patched last week and could lead to container escapes.
Dirty Pipe “could enable an attacker to effectively modify containers that are running against a shared image, or to poison an image on a host so that new containers would receive modified files,” researcher Rory McCune from cloud security firm Aqua Security said in a blog post.
Where’s the Russia-Ukraine Cyberwar?
Read Time:27 Second
It has been interesting to notice how unimportant and ineffective cyber operations have been in the Russia-Ukraine war. Russia launched a wiper against Ukraine at the beginning, but it was found and neutered. Near as I can tell, the only thing that worked was the disabling of regional KA-SAT SATCOM terminals.
It’s probably too early to reach any conclusions, but people are starting to write about this, with varying theories.
I want to write about this, too, but I’m waiting for things to progress more.
90% of MSPs Hit By a Successful Cyber-Attack in the Past 18 Months
Read Time:6 Second
The research indicates that MSPs are becoming more of a primary target for cyber-criminals than their customers
UK Security Agency Issues New Guidance on Data Center Protection
Conti Group Spent $6m on Salaries, Tools and Services in a Year
Should CISOs stop using Russian security and tech products?
Read Time:42 Second
The Ukraine-Russia conflict has raised the question of whether organizations should stop using Russian-made security and tech products and the risks of continuing to do so in the current situation. CSO spoke with security leaders, researchers, and analysts about this significant issue and the implications for CISOs, businesses, and the wider sector.
Ending use of Russian security and tech products
“From a moral standpoint, CISOs should absolutely stop using Russian-made security and technology products. However, from a security-related standpoint, it’s much murkier,” says Shawn Smith, researcher and director of infrastructure at nVisium. “There is always conflict in the world, and while you should always evaluate backups in situations like this, the products created by Russians aren’t any less secure now than they were a month ago.”