Daily Archives: May 15, 2023

Advisories

USN-6060-3: MySQL regression

Read Time:44 Second

USN-6060-1 fixed vulnerabilities in MySQL. The new upstream 8.0.33 version
introduced a regression on the armhf architecture. This update fixes the
problem.

Original advisory details:

Multiple security issues were discovered in MySQL and this update includes
new upstream MySQL versions to fix these issues.

MySQL has been updated to 8.0.33 in Ubuntu 20.04 LTS, Ubuntu 22.04 LTS,
Ubuntu 22.10, and Ubuntu 23.04. Ubuntu 18.04 LTS has been updated to MySQL
5.7.42.

In addition to security fixes, the updated packages contain bug fixes, new
features, and possibly incompatible changes.

Please see the following for more information:

https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-42.html
https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-33.html
https://www.oracle.com/security-alerts/cpuapr2023.html

Read More

News

Micro-Star International Signing Key Stolen

Read Time:37 Second

Micro-Star International—aka MSI—had its UEFI signing key stolen last month.

This raises the possibility that the leaked key could push out updates that would infect a computer’s most nether regions without triggering a warning. To make matters worse, Matrosov said, MSI doesn’t have an automated patching process the way Dell, HP, and many larger hardware makers do. Consequently, MSI doesn’t provide the same kind of key revocation capabilities.

Delivering a signed payload isn’t as easy as all that. “Gaining the kind of control required to compromise a software build system is generally a non-trivial event that requires a great deal of skill and possibly some luck.” But it just got a whole lot easier.

Read More

News

Hackers exploit WordPress vulnerability within hours of PoC exploit release

Read Time:20 Second

Threat actors have started exploiting a recently disclosed vulnerability in WordPress, within 24 hours of the proof-of-concept (PoC) exploit being published by the company, according to a blog by Akamai.

The high-severity vulnerability, CVE-2023-30777 that affects the WordPress Advanced Custom Fields plugin, was identified by a Patchstack researcher on May 2.

To read this article in full, please click here

Read More

News

UK NCSC, ICO debunk 6 cyberattack reporting myths

Read Time:39 Second

The UK National Cyber Security Centre (NCSC) and the UK’s data protection regulator the Information Commissioner’s Office (ICO) have published a rare joint article dispelling several myths about cyberattack reporting to tackle the problem of unreported data breaches. The pair argued that, while businesses may be tempted to hide data breaches to avoid negative scrutiny, cybercriminals enjoy greater success when attacks are not reported.

In contrast, greater transparency and open discussion around cyberattacks is a positive for everyone, giving victims access to support and advice, sharing lessons learned to help improve awareness and cyber resilience, and breaking the cycle of crime to prevent others from falling victim. It’s also likely to be viewed more favourably by data protection regulators.

To read this article in full, please click here

Read More