Read Time:8 Second
FEDORA-2024-5d581b2365
Packages in this update:
apache-commons-io-2.11.0-5.fc39
Update description:
Fixes possible denial of service attack on untrusted input
Daily Archives: October 4, 2024
Sellafield nuclear site hit with £332,500 fine after “significant cybersecurity shortfalls”
Read Time:14 Second
The UK’s Sellafield nuclear waste processing and storage site has been fined £332,500 by regulators after its IT systems were found to have been left vulnerable to hackers and unauthorised access for years.
Read more in my article on the Hot for Security blog.
CRI Releases Guidance on Avoiding Ransomware Payments
Read Time:4 Second
The Counter Ransomware Initiative has released new guidance discouraging organizations from making ransomware payments
Synacor Zimbra Collaboration Command Execution Vulnerability (CVE-2024-45519)
Read Time:1 Minute, 2 Second
What is the Vulnerability?Attackers are actively exploiting CVE-2024-45519, a critical Zimbra vulnerability that allows attackers to execute arbitrary commands on vulnerable systems. CVE-2024-45519 is a vulnerability in the postjournal service used for recording email communications. This OS command injection flaw can be exploited without authentication and successful exploitation can lead to unauthorized access, privilege escalation, and potential compromise of the affected system’s integrity and confidentiality.Zimbra Collaboration (by Synacor) is a popular cloud-based collaboration software and email platform. The remote code execution vulnerability (CVE-2024-45519) in this software was disclosed on September 27, along with a proof of concept (PoC) exploit.What is the recommended Mitigation?Zimbra has released a patch for CVE-2024-45519. Organizations that haven’t implemented the latest patch are advised to do so immediately. https://blog.zimbra.com/2024/10/zimbra-cve-2024-45519-vulnerability-stay-secure-by-updating/ What FortiGuard Coverage is available?FortiGuard recommends users to apply the fix provided by the vendor. The FortiGuard Incident Response team can be engaged to help with any suspected compromise.The FortiGuard Labs team is further investigating to provide protections and will update this Threat Signal Report with more information once it becomes available.
p7zip-16.02-31.el8
Read Time:7 Second
FEDORA-EPEL-2024-851c74616f
Packages in this update:
p7zip-16.02-31.el8
Update description:
Fix wrapper to hide password from process history
p7zip-16.02-31.el9
Read Time:7 Second
FEDORA-EPEL-2024-8de34d4fda
Packages in this update:
p7zip-16.02-31.el9
Update description:
Fix wrapper to hide password from process history
p7zip-16.02-31.fc41
Read Time:7 Second
FEDORA-2024-6ecf5236ae
Packages in this update:
p7zip-16.02-31.fc41
Update description:
Fix wrapper to hide password from process history
p7zip-16.02-31.fc40
Read Time:7 Second
FEDORA-2024-5c99e1d579
Packages in this update:
p7zip-16.02-31.fc40
Update description:
Fix wrapper to hide password from process history
p7zip-16.02-31.fc39
Read Time:7 Second
FEDORA-2024-ec78ab2c45
Packages in this update:
p7zip-16.02-31.fc39
Update description:
Fix wrapper to hide password from process history
DSA-5783-1 firefox-esr – security update
Read Time:24 Second
Multiple security issues have been found in the Mozilla Firefox
web browser, which could potentially result in the execution
of arbitrary code.
Debian follows the extended support releases (ESR) of Firefox.
Starting with this update we’re now following the 128.x releases.
Between 115.x and 128.x, Firefox has seen a number of feature
updates. For more information please refer to
https://www.mozilla.org/en-US/firefox/128.0esr/releasenotes/