Daily Archives: January 26, 2023

Advisories

syncthing-1.23.0-2.el9

Read Time:17 Second

FEDORA-EPEL-2023-ef285688eb

Packages in this update:

syncthing-1.23.0-2.el9

Update description:

Update to version 1.23.0.

Release notes: https://github.com/syncthing/syncthing/releases/tag/v1.23.0

Additionally, this update was built with a version of golang that addresses CVE-2022-41717, and it fixes the installation of icon files.

Read More

Advisories

golang-1.18.9-1.el7

Read Time:18 Second

FEDORA-EPEL-2023-970698785b

Packages in this update:

golang-1.18.9-1.el7

Update description:

Update to golang-1.18.9 using the same patches as on EL8, including security fixes for CVE-2022-32189, CVE-2022-27664, CVE-2022-27664, CVE-2022-32190, CVE-2022-41715, CVE-2022-2880, CVE-2022-2879, CVE-2022-41720, and CVE-2022-41717

Read More

News

ShinyHunters suspect extradited to United States from Morocco, could face 116 years in jail if convicted

Read Time:21 Second

A 22-year-old suspected of being “Seyzo”, a member of the ShinyHunters cybercrime gang, has been extradited from Morocco to the United States, where – if convicted – he could face up to 116 years in prison.

The ShinyHunters gang became notorious in 2020, following a series of data breaches that impacted over 60 companies – including Microsoft.

Read more in my article on the Tripwire State of Security blog.

Read More

Advisories

[RT-SA-2022-002] Skyhigh Security Secure Web Gateway: Cross-Site Scripting in Single Sign-On Plugin

Read Time:23 Second

Posted by RedTeam Pentesting GmbH on Jan 26

RedTeam Pentesting identified a vulnerability which allows attackers to
craft URLs to any third-party website that result in arbitrary content
to be injected into the response when accessed through the Secure Web
Gateway. While it is possible to inject arbitrary content types, the
primary risk arises from JavaScript code allowing for cross-site
scripting.

Details
=======

Product: Secure Web Gateway
Affected Versions: 10.2.11, potentially other…

Read More