The White House released its long-anticipated National Cybersecurity Strategy, a comprehensive document that offers fundamental changes in how the US allocates “roles, responsibilities, and resources in cyberspace.” The strategy involved months of discussions among more than 20 government agencies and countless consultations with private sector organizations. It encompasses virtually all the weaknesses and challenges inherent in cybersecurity, from software vulnerabilities to internet infrastructure vulnerabilities to workforce shortages.
Monthly Archives: March 2023
McAfee Awarded Best Protection by the Labs at AV-TEST
Each year the independent labs at AV-TEST announce their best products in IT security, and McAfee has come out on top with AV-TEST’s award for “Best Protection.”
McAfee received the award across a field of 20 different products assessed by AV-TEST, which included evaluation across three key categories:
Protection from malware.
Performance speed.
User-friendliness of the app.
Maik Morgenstern, CEO of AV-TEST, said: “The test category of protection is an elite discipline in the lab of AV-TEST. That is why we are particularly pleased that we were able to confer such an important and coveted award on McAfee. The consumer user product Total Protection demonstrated with perfect detection in all lab tests that it earned the AV-TEST Best Protection 2022 Award for Consumer Users.”
Their labs utilize thousands of rigorous real-world tests that determine how well online protection performs against known, new, and emerging threats—such as previously unknown zero-day malware, drive-by attacks, malicious downloads from websites, attacks via infected emails, ransomware, and many more.
“Recognition from AV-TEST is an honor,” says Chief Technology Officer Steve Grobman. “Their reputation for analysis and quality assurance stands tall and further reinforces our leadership in online protection.” Grobman continued, “With the internet now an integral part of our daily lives, cybercriminals have stepped in to take advantage of that reliance. As ever, we’re committed to staying one step ahead of them so that people can confidently enjoy their lives online.”
Get a free 30-day trial of McAfee Total Protection, which includes McAfee’s award-winning anti-malware technology plus identity monitoring, Secure VPN, and safe browsing for all-in-one online protection.
Gitpod flaw shows cloud-based development environments need security assessments
Researchers from cloud security firm Snyk recently discovered a vulnerability that would have allowed attackers to perform full account takeover and remote code execution (RCE) in Gitpod, a popular cloud development environment (CDE). Cloud-based development environments are popular because they’re easier to deploy and maintain than local ones and promise better security. However, organizations should properly assess the security risks that CDEs can introduce and that are unique to their architectures, especially since CDEs haven’t received much scrutiny from the security community.
“Many questions remain unanswered with the adoption of cloud-based development environments: What happens if a cloud IDE workspace is infected with malware? What happens when access controls are insufficient and allow cross-user or even cross-organization access to workspaces? What happens when a rogue developer exfiltrates company intellectual property from a cloud-hosted machine outside the visibility of the organization’s data loss prevention or endpoint security software?” the Snyk researchers said in their report, which is part of a larger project to investigate the security of CDEs.
strongswan-5.9.10-1.el8
FEDORA-EPEL-2023-cf1c0e2ced
Packages in this update:
strongswan-5.9.10-1.el8
Update description:
Update to 5.9.10 that fixes CVE-2023-26463
strongswan-5.9.10-1.el9
FEDORA-EPEL-2023-95d098a2d9
Packages in this update:
strongswan-5.9.10-1.el9
Update description:
Update to 5.9.10 that fixes CVE-2023-26463
strongswan-5.9.10-1.fc37
FEDORA-2023-25800591ef
Packages in this update:
strongswan-5.9.10-1.fc37
Update description:
Update to 5.9.10 for CVE-2023-26463
strongswan-5.9.10-1.fc38
FEDORA-2023-9fb10d880d
Packages in this update:
strongswan-5.9.10-1.fc38
Update description:
Update to 5.9.10 for CVE-2023-26463
USN-5910-1: Rack vulnerabilities
It was discovered that Rack did not properly structure regular expressions
in some of its parsing components, which could result in uncontrolled
resource consumption if an application using Rack received specially
crafted input. A remote attacker could possibly use this issue to cause a
denial of service. (CVE-2022-44570, CVE-2022-44571)
It was discovered that Rack did not properly structure regular expressions
in its multipart parsing component, which could result in uncontrolled
resource consumption if an application using Rack to parse multipart posts
received specially crafted input. A remote attacker could possibly use
this issue to cause a denial of service. This issue was only fixed in
Ubuntu 20.04 ESM and Ubuntu 22.04 ESM. (CVE-2022-44572)
API Security Flaw Found in Booking.com Allowed Full Account Takeover
The vulnerabilities could affect users logging into the site via their Facebook accounts
Vice Society publishes data stolen during Vesuvius ransomware attack
A notorious ransomware gang has claimed responsibility for a cyber attack against Vesuvius, the London Stock Exchange-listed molten metal flow engineering company.