Most claim to be ready to respond to an incident
Monthly Archives: October 2023
AI to Create Demand for Digital Trust Professionals, ISACA Survey Finds
Most digital trust professionals believe AI will have a positive impact on their jobs, and 23% think the number of jobs could increase because of AI
USN-6438-2: .Net regressions
USN-6438-1 fixed vulnerabilities in .Net. It was discovered that the fix
for [CVE-2023-36799](https://ubuntu.com/security/CVE-2023-36799) was incomplete. This update fixes the problem.
Original advisory details:
Kevin Jones discovered that .NET did not properly process certain
X.509 certificates. An attacker could possibly use this issue to
cause a denial of service. (CVE-2023-36799)
It was discovered that the .NET Kestrel web server did not properly
handle HTTP/2 requests. A remote attacker could possibly use this
issue to cause a denial of service. (CVE-2023-44487)
USN-6362-2: .Net regressions
USN-6362-1 fixed vulnerabilities in .Net. It was discovered that the fix
for [CVE-2023-36799](https://ubuntu.com/security/CVE-2023-36799) was incomplete. This update fixes the problem.
Original advisory details:
Kevin Jones discovered that .NET did not properly process certain
X.509 certificates. An attacker could possibly use this issue to
cause a denial of service.
DSA-5534-1 xorg-server – security update
Jan-Niklas Sohn discovered several vulnerabilities in the Xorg X server,
which may result in privilege escalation if the X server is running
privileged.
DSA-5535-1 firefox-esr – security update
Multiple security issues have been found in the Mozilla Firefox web
browser, which could potentially result in the execution of arbitrary
code, clickjacking, spoofing or information leaks.
DSA-5535 firefox-esr – security update
Multiple security issues have been found in the Mozilla Firefox web
browser, which could potentially result in the execution of arbitrary
code, clickjacking, spoofing or information leaks.
DSA-5534 xorg-server – security update
Jan-Niklas Sohn discovered several vulnerabilities in the Xorg X server,
which may result in privilege escalation if the X server is running
privileged.
A Vulnerability in ChromeOS Could Allow for Arbitrary Code Execution
A vulnerability has been discovered in ChromeOS which could allow for arbitrary code execution. ChromeOS is a Linux-based operating system developed and designed by Google. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Spanish police make 34 arrests, dismantling cybercriminal gang that stole 4 million people’s data
Spanish police have arrested 34 suspected members of a criminal gang that are alleged to have run a variety of scams to steal data from over four million people.
Law enforcement agents across the country took part in 16 searches that not only seized electronic equipment and computer databases, four expensive vehicles, and $80,000 Euros but also confiscated a baseball bat, a katana, and two firearms.
Read more in my article on the Hot for Security blog.