USN-5252-1: PolicyKit vulnerability It was discovered that the PolicyKit pkexec tool incorrectly handled command-line arguments. A local attacker could use this issue to escalate privileges to an administrator. Source: USN-5252-1: PolicyKit vulnerability
WordPress 5.9 Josephine Welcome to Joséphine! Introducing 5.9, ‘Joséphine’. Named in honor of acclaimed international jazz singer Joséphine Baker, this latest, most versatile WordPress release is here: download it or update it directly from your dashboard. As a lifelong civil rights campaigner, Joséphine Baker believed that all people could live in harmony together, just as different instruments in a jazz band blend together to make a whole piece. Turn on a playlist from your favorite music service and enjoy her famous renditions of “You are the greatest love”, “Sans Amour”, and “Love is a Dreamer” as you discover all the features of this brand-new WordPress release. Full site editing is here. It puts you in control of your whole site, right in the WordPress Admin. Say hello to Twenty Twenty-Two. And say hello to the first default block theme in the [ more… ]
Amazon GuardDuty, EC2 인스턴스 자격 증명 유출 탐지 강화 Amazon GuardDuty는 악의적인 활동과 미승인 활동을 지속적으로 모니터링하여 AWS 계정, 워크로드, Amazon Simple Storage Service(Amazon S3)에 저장된 데이터를 보호하는 위협 탐지 서비스입니다. GuardDuty는 기계 학습을 활용해 수많은 공개 및 AWS 생성 데이터 피드에서 수십억 개의 이벤트를 분석하여 문제가 있음을 인식할 수 있는 징후인 추세, 패턴 및 이상 현상을 찾습니다. GuardDuty는 클릭 한 번으로 활성화하여 몇 분 안에 최초 결과를 확인할 수 있습니다. 오늘, GuardDuty에 사용자의 Amazon Elastic Compute Cloud(Amazon EC2) 인스턴스 자격 증명이 다른 AWS 계정에서 사용되는 경우를 탐지하는 기능이 추가되었습니다. EC2 인스턴스 자격 증명은 AWS Identity and Access Management(IAM) 역할이 연결된 경우 EC2 메타데이터 서비스를 통해 인스턴스에서 실행 중인 모든 애플리케이션에 사용할 수 있는 임시 자격 증명입니다. 어떤 위험이 있습니까? EC2 인스턴스에 배포된 워크로드는 AWS 서비스에 액세스할 때 액세스 키, 비밀 액세스 키 및 세션 토큰을 사용합니다. 워크로드에 액세스 키 [ more… ]
Supporting Open Source for a More Secure World: F5 NGINX Announces Sponsorships of Let’s Encrypt and OpenSSL Our goals at F5 NGINX include not only building great open source software that enables modern applications and Platforms Ops practices, but also making the technology world more secure. We take great pride in our security efforts, and also recognize that it takes a broader team to secure the technology fabric we all increasingly rely on in our daily lives. We are proud to announce our sponsorship of two of the open source projects that are crucial in securing technology across the globe – Let’s Encrypt and OpenSSL. Let’s Encrypt Let’s Encrypt has lowered the barrier to security by making it, quite literally, free to obtain and deploy digital certificates. More specifically, the mission of Let’s Encrypt is to create a more secure World Wide Web by promoting [ more… ]
USN-5250-2: strongSwan vulnerability USN-5250-1 fixed a vulnerability in strongSwan. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Zhuowei Zhang discovered that stringSwan incorrectly handled EAP authentication. A remote attacker could use this issue to cause strongSwan to crash, resulting in a denial of service, or possibly bypass client and server authentication. Source: USN-5250-2: strongSwan vulnerability
Copyright © 2024 | WordPress Theme by MH Themes
