Update to golang-1.18.9 using the same patches as on EL8, including security fixes for CVE-2022-32189, CVE-2022-27664, CVE-2022-27664, CVE-2022-32190, CVE-2022-41715, CVE-2022-2880, CVE-2022-2879, CVE-2022-41720, and CVE-2022-41717
Websites used by the Hive ransomware-as-a-service gang to extort ransoms and leak data stolen from corporate victims have been seized in a joint operation involving police around the world.
A 22-year-old suspected of being “Seyzo”, a member of the ShinyHunters cybercrime gang, has been extradited from Morocco to the United States, where – if convicted – he could face up to 116 years in prison.
The ShinyHunters gang became notorious in 2020, following a series of data breaches that impacted over 60 companies – including Microsoft.
Read more in my article on the Tripwire State of Security blog.
RedTeam Pentesting identified a vulnerability which allows attackers to
craft URLs to any third-party website that result in arbitrary content
to be injected into the response when accessed through the Secure Web
Gateway. While it is possible to inject arbitrary content types, the
primary risk arises from JavaScript code allowing for cross-site
scripting.
Details
=======
Product: Secure Web Gateway
Affected Versions: 10.2.11, potentially other…