A vulnerability was found in Broken Link Checker Plugin up to 1.10.5. It has been rated as problematic. Affected by this issue is the function print_module_list/show_warnings_section_notice/status_text/ui_get_action_links. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 1.10.6 is able to address this issue. The name of the patch is f30638869e281461b87548e40b517738b4350e47. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-225152.
Monthly Archives: April 2023
CVE-2013-10023
A vulnerability was found in Editorial Calendar Plugin up to 2.6. It has been declared as critical. Affected by this vulnerability is the function edcal_filter_where of the file edcal.php. The manipulation of the argument edcal_startDate/edcal_endDate leads to sql injection. The attack can be launched remotely. Upgrading to version 2.7 is able to address this issue. The name of the patch is a9277f13781187daee760b4dfd052b1b68e101cc. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-225151.
Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution
Multiple vulnerabilities have been discovered in Apple Products, the most severe of which could allow for arbitrary code execution.
Safari is a graphical web browser developed by Apple.
iOS is a mobile operating system for mobile devices, including the iPhone, iPad, and iPod touch.
macOS Monterey is the 18th release of macOS.
macOS Big Sur is the 17th release of macOS.
iPadOS is the successor to iOS 12 and is a mobile operating system for iPads.
macOS Ventura is the 19th and current major release of macOS.
Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Friday Squid Blogging: Squid Food Poisoning
University of Connecticut basketball player Jordan Hawkins claims to have suffered food poisoning from calamari the night before his NCAA finals game. The restaurant disagrees:
On Sunday, a Mastro’s employee politely cast doubt on the idea that the restaurant might have caused the illness, citing its intense safety protocols. The staffer, who spoke on condition of anonymity because he was not authorized to officially speak for Mastro’s, said restaurants in general were more likely to arouse suspicion when they had some rooting interest against the customer-athletes.
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
Read my blog posting guidelines here.
CISA warns of critical flaws in ICS and SCADA software from multiple vendors
The US Cybersecurity and Infrastructure Security Agency (CISA) published seven advisories this week covering vulnerabilities in industrial control systems (ICS) and supervisory control and data acquisition (SCADA) software from multiple vendors. Some of the flaws are rated critical and two of them already have public exploits.
The impacted products include:
Scadaflex II controllers made by Industrial Control Links
Screen Creator Advance 2 and Kostac PLC programming software from JTEKT Electronics
Korenix JetWave industrial wireless access points and communications gateways
Hitachi Energy’s MicroSCADA System Data Manager SDM600
mySCADA myPRO software
Rockwell Automation’s FactoryTalk Diagnostics
ScadaFlex II series controllers are what’s known in the industry as packaged controllers, stand-alone systems that are built with custom software, processing power and I/O capabilities for controlling and monitoring other industrial processes. According to CISA, multiple versions of the software running on the SC-1 and SC-2 controllers are impacted by a critical vulnerability — CVE-2022-25359 with CVSS score 9.1 — that could allow unauthenticated attackers to overwrite, delete, or create files on the system.
What Parents Need To Know About TikTok’s New Screen Time Limits
Social media platforms often get a hard time from us parents. But a recent announcement by TikTok of industry-first screen time limits might just be enough to win you over. On March 1, the social media platform announced that it will automatically impose a 60-minute daily screen time limit to every account belonging to a user that is under the age of 18. How good??
I hear what you’re thinking – maybe we can cross TikTok off our list of social media platforms that we need to get our head around? But no, my friends – not so fast! TikTok’s new screen time limits are all about parental involvement – which is why I am a fan! So, buckle up because if you have an under 18 on TikTok (and you’re committed to their digital well-being) then my prediction is that you’ll soon know more about this social media platform than you even thought was possible!
How Do The New Screen Time Limits Work?
Over the coming weeks, every account that belongs to an under 18-year-old will automatically be set to a 60-minute daily screen time limit. Once they’ve clocked up an hour of scrolling, teens will be asked to enter a passcode, which TikTok will supply, to keep using the platform. TikTok refers to this as an ‘active decision’.
So, clearly this isn’t quite the silver bullet to all your screen time worries as teens can choose to opt out of the 60-minute limits. But if they do choose to opt out and then spend more than 100 minutes a day on the platform, they will be prompted to set a daily screen time limit. ‘Will that actually do anything?’ – I hear you say. Well, in the first month of testing this approach, TikTok found that this strategy resulted in a 234% increase in the use of its screen time management tools – a move in the right direction!
But Wait, There’s More…
But here’s the part I love the most: TikTok offers Family Pairing which allows you to link your child’s account to yours. And as soon as you enable Family Pairing, your teen is no longer in control of their own screen time.
Now, don’t get me wrong – I am not a fan of the authoritarian approach when it comes to all things tech. I do prefer a consultative ‘let’s work together’ vibe. However, TikTok’s move to involve parents in making decisions about their child’s screen time means that families will need to talk digital wellbeing more than ever before and here’s why…
Within the Family Pairings settings, parents are able to set screen time limits based on the day of the week which means homework and holidays can be worked around. There is also a dashboard that shows your child’s screen time usage, the number of times the app was opened plus a breakdown of time spent during the day and night. Now, with all this control and information, you’ll be in quite the powerful position so be prepared to be sold hard by your teen on the many benefits of TikTok!
Maybe It’s Time for A Family Digital Contract?
For years I have been a fan of creating a Family Digital Contract which means you get to outline your family’s expectations around technology use. Now the agreement can include time spent online, the sites that can be visited and even the behaviour you expect of your child when they are online. So, if your kids are avid TikTok users then I highly recommend you do this ASAP. Check out the Family Safety Agreement from the Family Online Safety Institute as a starting point but I always recommend tailoring it to suit the needs of your own tribe.
But let’s keep it real – your kids are not always going to comply, remember how you pushed the boundaries when you were young?? And that’s OK if they understand why their actions weren’t ideal and you have a suitable level of confidence that they will get back on track. However, if you have concerns that they need an additional level of structure to ensure their digital wellbeing remains intact then that’s when TikTok’s Family Pairing can work a treat!
It’s no secret that social media can be incredibly captivating, possibly even addicting, for so many. And it’s not just TikTok – Instagram, Facebook, even Twitter have all been designed to give us regular hits of dopamine with each scroll, like and post. And while I know that parental controls are only one part of the solution, they can be very handy if you need to bring your tween’s usage under control.
Remember, Conversations Are King!
But when all is said and done, please remember that the strength of your relationship with your child is the best way of keeping them safe online and their wellbeing intact. If your kids know that they can come to you about any issue at all – and that you will always have their back – then you’re winning!!
So, be interested in their life – both online and offline – ask questions – who do they hang with? How do they spend their time? And remember to share your online experience with them too – get yourself a little ‘tech’ cred – because I promise they will be more likely to come to you when there is a problem.
‘Till next time – keep talking!!
Alex
The post What Parents Need To Know About TikTok’s New Screen Time Limits appeared first on McAfee Blog.
golang-1.20.3-1.fc38
FEDORA-2023-611d06c2a5
Packages in this update:
golang-1.20.3-1.fc38
Update description:
go1.20.3 (released 2023-04-04) includes security fixes to the go/parser, html/template, mime/multipart, net/http, and net/textproto packages, as well as bug fixes to the compiler, the linker, the runtime, and the time package. See the Go 1.20.3 milestone on the issue tracker for details.
golang-1.19.8-1.fc37
FEDORA-2023-7232640d17
Packages in this update:
golang-1.19.8-1.fc37
Update description:
go1.19.8 (released 2023-04-04) includes security fixes to the go/parser, html/template, mime/multipart, net/http, and net/textproto packages, as well as bug fixes to the linker, the runtime, and the time package. See the Go 1.19.8 milestone on the issue tracker for details.
golang-1.19.8-1.fc36
FEDORA-2023-ab5f0c32da
Packages in this update:
golang-1.19.8-1.fc36
Update description:
go1.19.8 (released 2023-04-04) includes security fixes to the go/parser, html/template, mime/multipart, net/http, and net/textproto packages, as well as bug fixes to the linker, the runtime, and the time package. See the Go 1.19.8 milestone on the issue tracker for details.
NTC Vulkan leak shows evolving Russian cyberwar capabilities
National habits and perspectives on waging war are not just apparent in terrestrial conflict. In cyberspace, national ways of cyberwar clearly exist. From the unusually aggressive style of Israeli responses to regional cyber threat activities to the consistent correlation between Communist Party interests and China-attributed cyber espionage, a host of examples show that diverse geopolitical interests, national political imperatives, and institutional cultures seem to produce unique flavors of cybersecurity practice.