A vulnerability has been discovered in Apple products, which could allow for privilege escalation. Successful exploitation of this vulnerability could allow for privilege escalation in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Yearly Archives: 2023
firefox-stable-3820231006182118.1
FEDORA-FLATPAK-2023-91f636af1c
Packages in this update:
firefox-stable-3820231006182118.1
Update description:
This update provides the latest release of Firefox, with an important security fix.
CVE-2022-33160
IBM Security Directory Suite 8.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 228568.
kernel-6.5.6-300.fc39
FEDORA-2023-c3bb819677
Packages in this update:
kernel-6.5.6-300.fc39
Update description:
The 6.5.6 stable kernel update contains a number of important fixes across the tree.
kernel-6.5.6-100.fc37
FEDORA-2023-50bd7c9c12
Packages in this update:
kernel-6.5.6-100.fc37
Update description:
The 6.5.6 stable kernel update contains a number of important fixes across the tree.
kernel-6.5.6-200.fc38
FEDORA-2023-830d9ec624
Packages in this update:
kernel-6.5.6-200.fc38
Update description:
The 6.5.6 stable kernel update contains a number of important fixes across the tree.
CVE-2022-34355
IBM Jazz Foundation (IBM Engineering Lifecycle Management 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2) could disclose sensitive version information to a user that could be used in further attacks against the system. IBM X-Force ID: 230498.
DBIR 2023: SME Cyber Defense Begins with the CIS Controls
Verizon’s DBIR 2023 references the CIS Controls throughout as effective mitigation tactics for SMEs to defend against top attack patterns.
fwupd-1.9.6-1.fc38
FEDORA-2023-48c43df788
Packages in this update:
fwupd-1.9.6-1.fc38
Update description:
This release adds the following features:
Add a launchd agent for macOS
Add a new security attribute for BIOS capsule updates to be enabled
Add functionality to fix specific host security attributes
Add global information from the context into the report data
Add support for coSWID payload sections
Add support for parsing the EDID
Allow adding only-quirk instance IDs from quirk files
Install a sysusers.d systemd file when using -Dsystemd_unit_user
This release fixes the following bugs:
Allow devices to require a connected display
Allow Wacom modules to specify a status polling interval
Do not show Intel CET unsupported as success
Do not show multiple Genesys GL32xx devices for the same physical device
Fix a fuzzing timeout in the HID descriptor parser
Recalculate the SUPPORTED flag after adopting a child device
Reduce the amount of memory used when chunking large firmware
Speed up logitech-bulkcontroller firmware updates
Stop reading ownership and TPM flashes left in Dell plugin
Try to use the LVFS when using report-history –force
Write the coSWID TAG_ID as a bytestring when possible
This release adds support for the following hardware:
AMD dGPUs, Navi3x and above
Foxconn SDX12, SDX55 and SDX6X devices
Google Rex Intel USB-4 retimers
MediaTek DP AUX Scalers
Quectel EM160 module
Star Labs StarBook Mk VIr2
VLI VL105-VL109
Wacom DTH134 and DTC121 Tablets
Revealed! The top 10 cybersecurity misconfigurations, as determined by CISA and the NSA
A joint advisory from the United States’s National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency (CISA) has shone a light on the top ten most common cybersecurity misconfigurations found in large private and public organisations.
Read more in my article on the Tripwire State of Security blog.