Read Time:7 Second
FEDORA-2023-4936e4e7f1
Packages in this update:
polkit-121-4.fc37.2
Update description:
config file permission change to increase security of polkitd
Yearly Archives: 2023
Battle could be brewing over new FCC data breach reporting rules
Read Time:32 Second
On January 6, the United States Federal Communications Commission (FCC) launched a notice of proposed rulemaking (NPRM) to update its data breach reporting rules for telecommunications carriers. “The law requires carriers to protect sensitive consumer information but, given the increase in frequency, sophistication, and scale of data leaks, we must update our rules to protect consumers and strengthen reporting requirements,” said FCC Chairwoman Jessica Rosenworcel in announcing the proceeding. “This new proceeding will take a much-needed, fresh look at our data breach reporting rules to better protect consumers, increase security, and reduce the impact of future breaches.”
GitGuardian’s honeytokens in codebase to fish out DevOps intrusion
Read Time:26 Second
Code security provider GitGuardian has added a new honeytoken module to its platform to help customers secure their software development life cycle and software supply chains with intrusion and code leakage detection assistance.
Honeytokens are code scripts containing decoy credentials, which can be placed within a customer’s development environments to lure out attackers looking to target critical DevOps environments such as source control management (SCM) systems, continuous integration continuous deployment (CI/CD) pipelines, and software artifact registries.
polkit-122-3.fc38.1
Read Time:7 Second
FEDORA-2023-41bdb7dba8
Packages in this update:
polkit-122-3.fc38.1
Update description:
config file permission change to increase security of polkitd
US Scrambles to Investigate Military Intel Leak
KFC Owner Discloses Data Breach
Why reporting an incident only makes the cybersecurity community stronger
Read Time:36 Second
Reporting an incident to the correct authorities or vulnerability clearinghouses can be an experience fraught with frustration. You pour time, energy, and resources into fighting an intrusion, all while keeping company officials and stakeholders up to date and preventing sensitive information from getting into the wild. Explaining what happened might seem just like another layer of hard work and exposure to potential embarrassment when the details are out there for all to see.
But legislators have been pushing enterprise executives to share more information about security incidents and they’re creating new requirements in the United States and around the world to mandate the disclosure of such information. Why?
Latitude Financial Refuses to Pay Ransom
ZDI-23-381: Microsoft Windows Remote Desktop Connection Uninitialized Variable Information Disclosure Vulnerability
Read Time:14 Second
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must open a remote desktop session to a host that has been compromised or otherwise under control of an attacker.
ZDI-23-382: Microsoft SharePoint WSSXmlUrlResolver Server-Side Request Forgery Vulnerability
Read Time:7 Second
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft SharePoint. Authentication is required to exploit this vulnerability.