News

  • Getting to Know the CIS Benchmarks Tue, 17 May 2022 08:00:00 Z
    There are many ways for you to get involved in the development process of the CIS Benchmarks and to use a Benchmark's security recommendations.
Looking Glass Cyber
    Malware Patrol SecList
    • Evaluation of cyber activities and the threat landscape in Ukraine
      With this article, our core aim is to share a threat landscape overview, which Kaspersky cybersecurity researchers are observing in relation to the conflict, with the wider international community and thus to contribute to broader ongoing cyber-stability discussions of threat-related insights.
    securingtomorrow.mcafee.com Quick Heal Threat Post Naked Security Security Affairs

    Security Awareness Tips of the week

      Exploits

      Last 20 Website Defacements - Zone-h

      Advisories

      Symantec Packet Stoem Security

      • Ubuntu Security Notice USN-5427-1 Tue, 17 May 2022 17:25:51 GMT
        Ubuntu Security Notice 5427-1 - Muqing Liu and neoni discovered that Apport incorrectly handled detecting if an executable was replaced after a crash. A local attacker could possibly use this issue to execute arbitrary code as the root user. Gerrit Venema discovered that Apport incorrectly handled connections to Apport sockets inside containers. A local attacker could possibly use this issue to connect to arbitrary sockets as the root user.
      • Ubuntu Security Notice USN-5426-1 Tue, 17 May 2022 17:25:44 GMT
        Ubuntu Security Notice 5426-1 - Jakub Wilk discovered that needrestart incorrectly used some regular expressions. A local attacker could possibly use this issue to execute arbitrary code.
      • Ubuntu Security Notice USN-5425-1 Tue, 17 May 2022 17:25:20 GMT
        Ubuntu Security Notice 5425-1 - Yunho Kim discovered that PCRE incorrectly handled memory when handling certain regular expressions. An attacker could possibly use this issue to cause applications using PCRE to expose sensitive information. This issue only affects Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 21.10 and Ubuntu 22.04 LTS. It was discovered that PCRE incorrectly handled memory when handling certain regular expressions. An attacker could possibly use this issue to cause applications using PCRE to have unexpected behavior. This issue only affects Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.
      • Apple Security Advisory 2022-05-16-8 Tue, 17 May 2022 17:18:31 GMT
        Apple Security Advisory 2022-05-16-8 - Xcode 13.4 addresses a logic issue and a privilege escalation issue.
      • Ubuntu Security Notice USN-5424-1 Tue, 17 May 2022 17:14:57 GMT
        Ubuntu Security Notice 5424-1 - It was discovered that OpenLDAP incorrectly handled certain SQL statements within LDAP queries in the experimental back-sql backend. A remote attacker could possibly use this issue to perform an SQL injection attack and alter the database.
      • Ubuntu Security Notice USN-5423-1 Tue, 17 May 2022 17:12:26 GMT
        Ubuntu Security Notice 5423-1 - Michał Dardas discovered that ClamAV incorrectly handled parsing CHM files. A remote attacker could possibly use this issue to cause ClamAV to stop responding, resulting in a denial of service. Michał Dardas discovered that ClamAV incorrectly handled parsing TIFF files. A remote attacker could possibly use this issue to cause ClamAV to stop responding, resulting in a denial of service. Michał Dardas discovered that ClamAV incorrectly handled parsing HTML files. A remote attacker could possibly use this issue to cause ClamAV to consume resources, resulting in a denial of service.
      • Ubuntu Security Notice USN-5311-2 Tue, 17 May 2022 17:07:22 GMT
        Ubuntu Security Notice 5311-2 - USN-5311-1 released updates for contained. Unfortunately, a subsequent update reverted the fix for thisCVE by mistake. This update corrects the problem. It was discovered that containerd allows attackers to gain access to read- only copies of arbitrary files and directories on the host via a specially- crafted image configuration. An attacker could possibly use this issue to obtain sensitive information.
      • Apple Security Advisory 2022-05-16-7 Tue, 17 May 2022 17:07:04 GMT
        Apple Security Advisory 2022-05-16-7 - Safari 15.5 addresses code execution and use-after-free vulnerabilities.
      • Apple Security Advisory 2022-05-16-6 Tue, 17 May 2022 17:06:48 GMT
        Apple Security Advisory 2022-05-16-6 - tvOS 15.5 addresses bypass, code execution, integer overflow, out of bounds access, out of bounds write, and use-after-free vulnerabilities.
      • Apple Security Advisory 2022-05-16-5 Tue, 17 May 2022 17:06:32 GMT
        Apple Security Advisory 2022-05-16-5 - watchOS 8.6 addresses bypass, code execution, integer overflow, out of bounds access, out of bounds write, and use-after-free vulnerabilities.
      • WordPress Tatsu Builder Remote Code Execution Tue, 17 May 2022 17:02:14 GMT
        WordPress Tatsu Builder plugin versions prior to 3.3.13 suffer from an unauthenticated remote code execution vulnerability.
      • Apple Security Advisory 2022-05-16-4 Tue, 17 May 2022 16:59:55 GMT
        Apple Security Advisory 2022-05-16-4 - Security Update 2022-004 Catalina addresses bypass, code execution, denial of service, integer overflow, out of bounds access, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
      • Apple Security Advisory 2022-05-16-3 Tue, 17 May 2022 16:59:42 GMT
        Apple Security Advisory 2022-05-16-3 - macOS Big Sur 11.6.6 addresses bypass, code execution, denial of service, out of bounds access, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
      • Apple Security Advisory 2022-05-16-2 Tue, 17 May 2022 16:58:15 GMT
        Apple Security Advisory 2022-05-16-2 - macOS Monterey 12.4 addresses buffer overflow, bypass, code execution, denial of service, integer overflow, out of bounds access, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
      • Apple Security Advisory 2022-05-16-1 Tue, 17 May 2022 16:57:57 GMT
        Apple Security Advisory 2022-05-16-1 - iOS 15.5 and iPadOS 15.5 addresses bypass, code execution, denial of service, integer overflow, out of bounds access, out of bounds write, and use-after-free vulnerabilities.
      • Ubuntu Security Notice USN-5422-1 Tue, 17 May 2022 16:57:29 GMT
        Ubuntu Security Notice 5422-1 - Shinji Sato discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to cause a crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 ESM, and Ubuntu 16.04 ESM. It was discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to cause a crash or execute arbitrary code.
      • Ubuntu Security Notice USN-5421-1 Mon, 16 May 2022 14:16:31 GMT
        Ubuntu Security Notice 5421-1 - It was discovered that LibTIFF incorrectly handled certain images. An attacker could possibly use this issue to cause a crash, resulting in a denial of service. This issue only affects Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. Chintan Shah discovered that LibTIFF incorrectly handled memory when handling certain images. An attacker could possibly use this issue to cause a crash, resulting in a denial of service, or possibly execute arbitrary code.
      • Red Hat Security Advisory 2022-2253-01 Mon, 16 May 2022 14:16:11 GMT
        Red Hat Security Advisory 2022-2253-01 - The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Issues addressed include a traversal vulnerability.
      • Red Hat Security Advisory 2022-2256-01 Mon, 16 May 2022 13:59:19 GMT
        Red Hat Security Advisory 2022-2256-01 - The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Issues addressed include a traversal vulnerability.
      • Red Hat Security Advisory 2022-2255-01 Mon, 16 May 2022 13:55:34 GMT
        Red Hat Security Advisory 2022-2255-01 - The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Issues addressed include a traversal vulnerability.
      • Red Hat Security Advisory 2022-2236-01 Fri, 13 May 2022 16:05:30 GMT
        Red Hat Security Advisory 2022-2236-01 - Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes.
      • Red Hat Security Advisory 2022-1699-01 Fri, 13 May 2022 16:05:21 GMT
        Red Hat Security Advisory 2022-1699-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.7.50.
      • Ubuntu Security Notice USN-5419-1 Fri, 13 May 2022 16:05:08 GMT
        Ubuntu Security Notice 5419-1 - It was discovered that Rsyslog improperly handled certain invalid input. An attacker could use this issue to cause Rsyslog to crash.
      • Ubuntu Security Notice USN-5420-1 Fri, 13 May 2022 16:04:39 GMT
        Ubuntu Security Notice 5420-1 - It was discovered that Vorbis incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code.
      • Red Hat Security Advisory 2022-2234-01 Thu, 12 May 2022 16:35:42 GMT
        Red Hat Security Advisory 2022-2234-01 - Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes.