Persistent cybercrime and industry trends will likely continue to drive increases in prices for cyber insurance. Here’s what this means for you.
Daily Archives: February 15, 2023
kernel-6.1.12-200.fc37
FEDORA-2023-b67c3bf65d
Packages in this update:
kernel-6.1.12-200.fc37
Update description:
The 6.1.12 stable kernel update contains a number of important fixes across the tree.
kernel-6.1.12-100.fc36
FEDORA-2023-457955ce13
Packages in this update:
kernel-6.1.12-100.fc36
Update description:
The 6.1.12 stable kernel update contains a number of important fixes across the tree.
flatpak-runtime-f37-3720230215003302.1 flatpak-sdk-f37-3720230215003302.1
FEDORA-FLATPAK-2023-7d1076912b
Packages in this update:
flatpak-runtime-f37-3720230215003302.1
flatpak-sdk-f37-3720230215003302.1
Update description:
Updated flatpak runtime and SDK, including latest Fedora 37 security and bug-fix errata.
In addition to regular package updates, this also adds the double-conversion package to the runtime, as it’s a new dep of qt5-qtbase.
5 biggest risks of using third-party services providers
As business processes become more complex, companies are turning to third parties to boost their ability to provide critical services from cloud storage to data management to security. It’s often more efficient and less expensive to contract out work that would otherwise require significant effort and potentially drain in-house resources to those who can do it for you.
The use of third-party services can also come with significant—often unforeseen—risks. Third parties can be a gateway for intrusions, harm a company’s reputation if a service malfunctions, expose it to financial and regulatory issues, and draw the attention of bad actors from around the world. A poorly managed breakup with a vendor can also be perilous, resulting in the loss of access to systems put in place by the third party, loss of custody of data, or loss of data itself.
Gulp! Pepsi hack sees personal information stolen by data-stealing malware
Towards the end of last year, malicious hackers broke into the systems of Pepsi Bottling Ventures, the largest privately-owned bottler of Pepsi-Cola beverages in the USA, and installed malware.
For almost a month the malware secretly exfiltrated personally identifiable information (PII) from the company’s network.
Read more in my article on the Hot for Security blog.
Descope launches authentication and user management SaaS
Descope has launched its first product, a platform designed to help developers add authentication and user management capabilities to their business-to-consumer and business-to-business applications. The software as a service is available now. Developers can access the product free of charge for up to 7,500 monthly active users for B2C applications and up to 50 tenants for B2B apps. Beyond these limits, there is a charge of US$0.10 per user and US$20 per tenant.
The Descope platform aims to make it easier to build passwordless authentication, according to the company. Descope says the new product allows organizations to:
Create authentication flows and user-facing screens using a visual workflow designer.
Seamlessly add a variety of passwordless authentication methods to apps such as magic links, biometrics and passkeys (based on WebAuthn), authenticator apps, and social logins.
Validate, merge, and manage identities across the user journey.
Get business apps enterprise-ready with single sign-on (SSO), access control, tenant management, and automated user provisioning.
Enhance user protection by easily enabling multi-factor authentication (MFA), step-up, or biometric authentication within applications.
Descope’s platform offers different integration options: a no-code workflow builder and screen editor, a set of client and backend SDKs, and comprehensive REST APIs.
USN-5872-1: NSS vulnerabilities
Tavis Ormandy discovered that NSS incorrectly handled an empty pkcs7 sequence. A remote attacker could possibly use this issue to cause NSS to crash, resulting in a denial of service. (CVE-2022-22747)
Ronald Crane discovered that NSS incorrectly handled certain memory operations. A remote attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2022-34480)
Camera the Size of a Grain of Salt
Cameras are getting smaller and smaller, changing the scale and scope of surveillance.
Threat Analysis: VMware ESXi Attacks Soared in 2022
Recorded Future analyzed how threat actors have been exploiting VMware ESXi vulnerabilities over the past three years