How security leaders can effectively manage Gen Z staff

Read Time:46 Second

In 2022, I started a podcast aimed at converting more Gen Z to seek careers in cybersecurity. In doing so, I had to educate myself on what they value and realized the many differences between Gen Z and previous generations.

Gen Z refers to those born between mid-to-late 1990s and 2010, making them between the ages of 11 and 28. This means they grew up experiencing a much faster rate in which technology evolves. The first iPhone, for example, was launched in January 2007 with its successor coming out in June 2008, creating what would become an almost yearly update that made thousands of people line up in front of Apple stores across the world on release day. During the period, the internet went from a somewhat new thing to something people used daily, further increased by the easy access brought by smartphones.

To read this article in full, please click here

Read More

redis-7.0.9-1.fc38

Read Time:54 Second

FEDORA-2023-b0768fba7b

Packages in this update:

redis-7.0.9-1.fc38

Update description:

Redis 7.0.9 – Released Tue Feb 28 12:00:00 IST 2023

Upgrade urgency: SECURITY, contains fixes to security issues.

Security Fixes:

(CVE-2023-25155) Specially crafted SRANDMEMBER, ZRANDMEMBER, and HRANDFIELD
commands can trigger an integer overflow, resulting in a runtime assertion
and termination of the Redis server process.
(CVE-2022-36021) String matching commands (like SCAN or KEYS) with a specially
crafted pattern to trigger a denial-of-service attack on Redis, causing it to
hang and consume 100% CPU time.

Bug Fixes

Fix a crash when reaching the maximum invalidations limit of client-side tracking (#11814)
Fix a crash when SPUBLISH is used after passing the cluster-link-sendbuf-limit (#11752)
Fix possible memory corruption in FLUSHALL when a client watches more than one key (#11854)
Fix cluster inbound link keepalive time (#11785)
Flush propagation list in active-expire of writable replicas to fix an assertion (#11615)
Avoid propagating DEL of lazy expire from SCAN and RANDOMKEY as MULTI-EXEC (#11788)

Read More

redis-7.0.9-1.fc37

Read Time:54 Second

FEDORA-2023-c685251667

Packages in this update:

redis-7.0.9-1.fc37

Update description:

Redis 7.0.9 – Released Tue Feb 28 12:00:00 IST 2023

Upgrade urgency: SECURITY, contains fixes to security issues.

Security Fixes:

(CVE-2023-25155) Specially crafted SRANDMEMBER, ZRANDMEMBER, and HRANDFIELD
commands can trigger an integer overflow, resulting in a runtime assertion
and termination of the Redis server process.
(CVE-2022-36021) String matching commands (like SCAN or KEYS) with a specially
crafted pattern to trigger a denial-of-service attack on Redis, causing it to
hang and consume 100% CPU time.

Bug Fixes

Fix a crash when reaching the maximum invalidations limit of client-side tracking (#11814)
Fix a crash when SPUBLISH is used after passing the cluster-link-sendbuf-limit (#11752)
Fix possible memory corruption in FLUSHALL when a client watches more than one key (#11854)
Fix cluster inbound link keepalive time (#11785)
Flush propagation list in active-expire of writable replicas to fix an assertion (#11615)
Avoid propagating DEL of lazy expire from SCAN and RANDOMKEY as MULTI-EXEC (#11788)

Read More

redis-6.2.11-1.fc36

Read Time:39 Second

FEDORA-2023-7a98e2d545

Packages in this update:

redis-6.2.11-1.fc36

Update description:

Redis 6.2.11 – Released Tue Feb 28 12:00:00 IST 2023

Upgrade urgency: SECURITY, contains fixes to security issues.

Security Fixes:

(CVE-2023-25155) Specially crafted SRANDMEMBER, ZRANDMEMBER, and HRANDFIELD
commands can trigger an integer overflow, resulting in a runtime assertion
and termination of the Redis server process.
(CVE-2022-36021) String matching commands (like SCAN or KEYS) with a specially
crafted pattern to trigger a denial-of-service attack on Redis, causing it to
hang and consume 100% CPU time.

Bug Fixes

Fix a crash when reaching the maximum invalidations limit of client-side tracking (#11814)
Fix cluster inbound link keepalive time (#11785)
Make sure that fork child doesn’t do incremental rehashing (#11692)

Read More

USN-5880-2: Firefox regressions

Read Time:1 Minute, 36 Second

USN-5880-1 fixed vulnerabilities in Firefox. The update introduced
several minor regressions. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

Christian Holler discovered that Firefox did not properly manage memory
when using PKCS 12 Safe Bag attributes. An attacker could construct a
PKCS 12 cert bundle in such a way that could allow for arbitrary memory
writes. (CVE-2023-0767)

Johan Carlsson discovered that Firefox did not properly manage child
iframe’s unredacted URI when using Content-Security-Policy-Report-Only
header. An attacker could potentially exploits this to obtain sensitive
information. (CVE-2023-25728)

Vitor Torres discovered that Firefox did not properly manage permissions
of extensions interaction via ExpandedPrincipals. An attacker could
potentially exploits this issue to download malicious files or execute
arbitrary code. (CVE-2023-25729)

Irvan Kurniawan discovered that Firefox did not properly validate
background script invoking requestFullscreen. An attacker could
potentially exploit this issue to perform spoofing attacks. (CVE-2023-25730)

Ronald Crane discovered that Firefox did not properly manage memory when
using EncodeInputStream in xpcom. An attacker could potentially exploits
this issue to cause a denial of service. (CVE-2023-25732)

Samuel Grob discovered that Firefox did not properly manage memory when
using wrappers wrapping a scripted proxy. An attacker could potentially
exploits this issue to cause a denial of service. (CVE-2023-25735)

Holger Fuhrmannek discovered that Firefox did not properly manage memory
when using Module load requests. An attacker could potentially exploits
this issue to cause a denial of service. (CVE-2023-25739)

Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2023-25731,
CVE-2023-25733, CVE-2023-25736, CVE-2023-25737, CVE-2023-25741,
CVE-2023-25742, CVE-2023-25744, CVE-2023-25745)

Read More