USN-6000-1: Linux kernel (BlueField) vulnerabilities

2023-04-06 KENNETH 0

It was discovered that the Upper Level Protocol (ULP) subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-0461)

It was discovered that the NVMe driver in the Linux kernel did not properly handle reset events in some situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-3169)

It was discovered that a use-after-free vulnerability existed in the SGI GRU driver in the Linux kernel. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3424)

Gwangun Jung discovered a race condition in the IPv4 implementation in [ more… ]

USN-5998-1: Apache Log4j vulnerabilities

2023-04-06 KENNETH 0

It was discovered that the SocketServer component of Apache Log4j 1.2 incorrectly handled deserialization. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 ESM. (CVE-2019-17571)

It was discovered that the JMSSink component of Apache Log4j 1.2 incorrectly handled deserialization. An attacker could possibly use this issue to execute arbitrary code. (CVE-2022-23302)

It was discovered that Apache Log4j 1.2 incorrectly handled certain SQL statements. A remote attacker could possibly use this issue to perform an SQL injection attack and alter the database. This issue was only fixed in Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2022-23305)

It was discovered that the Chainsaw component of Apache Log4j 1.2 incorrectly handled deserialization. An attacker could possibly use this issue to execute arbitrary code. This issue was only fixed in Ubuntu 18.04 [ more… ]

Microsoft Edge Workspaces public preview is now available

2023-04-06 KENNETH 0

Last fall, at Ignite, we announced the enterprise public preview of Microsoft Edge Workspaces. Since then, we’ve been hard at work to make it available more broadly and allow you to try Edge Workspaces in your home life. Today, we are excited to announce that we’re opening Edge Workspaces for a limited public preview. We want to continue to build out this game-changing, collaborative feature, and we cannot do it without valuable feedback from Edge users. Today, we want to share what you can do with Edge Workspaces and how it can help you get more done, together. We’ll also share how you can join the public preview and be one of the first to try Edge Workspaces.

Stay focused

At Microsoft Edge, helping you get more done and multitask smarter is [ more… ]

Managing Kubernetes Cost and Performance with Kubecost and NGINX

2023-04-06 KENNETH 0

Balancing cost and risk is top of mind for enterprises today. But without sufficient visibility, it is impossible to know if resources are being used effectively or consistently. Kubernetes enables complex deployments of containerized workloads, which are often transient and consume variable amounts of cluster resources. That makes cloud environments a great fit for Kubernetes, because they offer pricing models where you only pay for what you use, instead of having to overprovision in anticipation of peak loads. Of course, cloud vendors charge a premium for that convenience. What if you could unlock the dynamic load balancing of public cloud, without the cost? And what if you could use the same solution for your on‑premises and public cloud deployments? Now you can. Kubecost and NGINX are helping Kubernetes users reduce complexity [ more… ]

Accelerating DDoS Mitigation with eBPF in F5 NGINX App Protect DoS

2023-04-06 KENNETH 0

The battle against DDoS attacks continues to transform. In the 2023 DDoS Attack Trends report, F5 Labs analyzed three years of recent data about distributed denial-of-service (DDoS) attacks and found that while attackers still use complex multi‑vector DDoS attacks, they have also shifted to launching more purely application‑layer (Layer 7) attacks. In 2022 alone, the prevalence of Layer 7 attacks grew by 165%.

Counts of DDoS attack types, 2020–2022, showing a large increase in the number of application attacks and corresponding reduction in volumetric and multi‑vector attacks.

Typically, attackers pursue the easiest path to achieve their goal, whether that means preventing operations of a website or extortion of a target. This rise in Layer 7 attacks may be an indication that it is becoming harder to launch a DDoS attack solely by using a volumetric or [ more… ]