FEDORA-2023-4936e4e7f1
Packages in this update:
polkit-121-4.fc37.2
Update description:
config file permission change to increase security of polkitd
polkit-121-4.fc37.2
config file permission change to increase security of polkitd
On January 6, the United States Federal Communications Commission (FCC) launched a notice of proposed rulemaking (NPRM) to update its data breach reporting rules for telecommunications carriers. “The law requires carriers to protect sensitive consumer information but, given the increase in frequency, sophistication, and scale of data leaks, we must update our rules to protect consumers and strengthen reporting requirements,” said FCC Chairwoman Jessica Rosenworcel in announcing the proceeding. “This new proceeding will take a much-needed, fresh look at our data breach reporting rules to better protect consumers, increase security, and reduce the impact of future breaches.”
Code security provider GitGuardian has added a new honeytoken module to its platform to help customers secure their software development life cycle and software supply chains with intrusion and code leakage detection assistance.
Honeytokens are code scripts containing decoy credentials, which can be placed within a customer’s development environments to lure out attackers looking to target critical DevOps environments such as source control management (SCM) systems, continuous integration continuous deployment (CI/CD) pipelines, and software artifact registries.
polkit-122-3.fc38.1
config file permission change to increase security of polkitd
Reporting an incident to the correct authorities or vulnerability clearinghouses can be an experience fraught with frustration. You pour time, energy, and resources into fighting an intrusion, all while keeping company officials and stakeholders up to date and preventing sensitive information from getting into the wild. Explaining what happened might seem just like another layer of hard work and exposure to potential embarrassment when the details are out there for all to see.
But legislators have been pushing enterprise executives to share more information about security incidents and they’re creating new requirements in the United States and around the world to mandate the disclosure of such information. Why?
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must open a remote desktop session to a host that has been compromised or otherwise under control of an attacker.
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft SharePoint. Authentication is required to exploit this vulnerability.