AWS Marketplace Vendor Insights – New Feature Launched to Simplify Third-Party Software Risk Assessments

2022-12-14 KENNETH 0

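AWS Marketplace Vendor Insights is a new capability of AWS Marketplace. It simplifies third-party software risk assessments when you procure solutions from AWS Marketplace. It compiles security and compliance information, such as data privacy and residency, application security, and access control, into a single unified dashboard so that you can verify that third-party software continuously meets industry standards. Security engineers can now complete third-party software risk assessments in days rather than months. You can now do the following. Search for and access Vendor Insights profiles to quickly find products in AWS Marketplace that meet security and certification standards. Access and download current, validated information, along with evidence gathered from vendors' security tools and audit reports. Reports can be downloaded from AWS Artifact third-party reports (currently available in preview). Monitor the security posture of your software after purchase and receive notifications of security and compliance events. [ more… ]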


2022 NGINX State of App and API Delivery Report

2022-12-14 KENNETH 0

December is a natural time for reflection and introspection. As the year draws to a close, many organizations – including NGINX – are thinking about lessons learned over the past 12 months. Like us, you might be asking questions like: What insights can our data provide? What did we learn? What will we do differently and where should we keep powering forward?

At NGINX, our retrospective includes analyzing the input and feedback that our community shares with us in our annual survey. In 2022, the survey both yielded surprises and confirmed trends we’d been picking up throughout the year. In this blog, we surface key insights and share the 2022 NGINX State of App and API Delivery Report.

2022 Insights

Insight #1: Security (still) isn’t everybody’s job…and that’s ok.

As is typical in most surveys, we [ more… ]


USN-5777-1: Pillow vulnerabilities

2022-12-13 KENNETH 0

It was discovered that Pillow incorrectly handled the deletion of temporary files when using a temporary directory that contains spaces. An attacker could possibly use this issue to delete arbitrary files. This issue only affected Ubuntu 20.04 LTS. (CVE-2022-24303)

It was discovered that Pillow incorrectly handled the decompression of highly compressed GIF data. An attacker could possibly use this issue to cause Pillow to crash, resulting in a denial of service. (CVE-2022-45198)

Source: USN-5777-1: Pillow vulnerabilities


USN-5776-1: containerd vulnerabilities

2022-12-13 KENNETH 0

It was discovered that containerd incorrectly handled memory when receiving certain faulty Exec or ExecSync commands. A remote attacker could possibly use this issue to cause a denial of service or crash containerd. (CVE-2022-23471, CVE-2022-31030)

It was discovered that containerd incorrectly set up inheritable file capabilities. An attacker could possibly use this issue to escalate privileges inside a container. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-24769)

It was discovered that containerd incorrectly handled access to encrypted container images when using imgcrypt library. A remote attacker could possibly use this issue to access encrypted images from other users. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-24778)

Source: USN-5776-1: containerd vulnerabilities


USN-5775-1: Vim vulnerabilities

2022-12-13 KENNETH 0

It was discovered that Vim uses freed memory in recursive substitution of specially crafted patterns. An attacker could possibly use this to crash Vim and cause denial of service. (CVE-2022-2345)

It was discovered that Vim makes illegal memory calls when patterns start with an illegal byte. An attacker could possibly use this to crash Vim, access or modify memory, or execute arbitrary commands. (CVE-2022-2581)

It was discovered that Vim could be made to crash when parsing invalid line numbers. An attacker could possibly use this to crash Vim and cause denial of service. (CVE-2022-3099)

It was discovered that Vim uses freed memory when autocmd changes a mark. An attacker could possibly use this to crash Vim and cause denial of service. (CVE-2022-3256)

It was discovered that Vim uses an incorrect array index when window width is negative. [ more… ]