Yearly Archives: 2024
GLSA 202401-29: sudo: Memory Manipulation
firefox-flatpak-122.0-1
FEDORA-FLATPAK-2024-95e1b2c636
Packages in this update:
firefox-flatpak-122.0-1
Update description:
Firefox 122.0 release.
Malicious npm Packages Used to Target GitHub Developer SSH Keys
ReversingLabs noted a 1300% surge in harmful open-source packages between 2020 and 2023
Hackers Target Atlassian Confluence With RCE Exploits
Shadowserver reported over 39,000 exploitation attempts from 600 unique IP addresses, mainly Russian
Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution
Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Successful exploitation of these vulnerabilities could allow for arbitrary code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Multiple Vulnerabilities in Mozilla Products Could Allow for Arbitrary Code Execution
Multiple vulnerabilities have been discovered in Mozilla products, the most severe of which could allow for arbitrary code execution.
Mozilla Firefox is a web browser used to access the Internet.
Mozilla Firefox ESR is a version of the web browser intended to be deployed in large organizations.
Mozilla Thunderbird is an email client.
Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
USN-6595-1: PyCryptodome vulnerability
It was discovered that PyCryptodome had a timing side-channel when performing OAEP decryption. A remote attacker could possibly use this issue to recover sensitive information.
New Cybersecurity Governance Code Puts Cyber Risks on Boardroom Agenda
The UK government has published a draft code that aims to establish cybersecurity as a key focus for business leaders, on par with financial and legal risks
French Watchdog Slams Amazon with €32m Fine for Spying on Workers
The French CNIL has fined Amazon France Logistique $35m for an “excessively intrusive” surveillance system set up to monitor the performance of its staff