[월:] 2023년 06월

No Image

Microsoft study: Small businesses intrigued by AI and the opportunities it brings

2023-06-22 KENNETH 0

Microsoft study: Small businesses intrigued by AI and the opportunities it brings Artificial Intelligence (AI) is the defining technology of our time. Are small businesses equipped and willing to adapt to the new ways of work? The data featured in this post is from an internal study, the “Small Business State of Mind” report, commissioned by Microsoft Corporation in May 2023 and conducted by Wakefield Research. The pace of work has increased exponentially, and people are struggling to shoulder the weight of it all. Small businesses, accounting for 99% of all businesses and employing nearly half of the workforce in the U.S. [i], face heightened pressures due to more limited access to resources—people, revenue, etc.—than neighboring enterprises. With the emergence of AI, small businesses are poised to benefit greatly from next-generation tools and resources designed to help grow and scale businesses. [ more… ]

No Image

AWS 주간 소식 모음 – AWS re:Inforce 행사 및 보안 관련 업데이트

2023-06-22 KENNETH 0

AWS 주간 소식 모음 – AWS re:Inforce 행사 및 보안 관련 업데이트 지난주에는 클라우드 보안 컨퍼런스인 AWS re:Inforce가 열렸었고, 다양한 보안 관련 출시 소식이 제 관심을 끌었습니다. 지난주 출시 사항 Amazon EC2 Instance Connect 엔드포인트 – EC2 Instance Connect용 엔드포인트를 사용하면 프라이빗 IP 주소를 사용하여 Amazon EC2 인스턴스에 안전하게 액세스할 수 있으므로 더 이상 Bastion 호스트를 사용할 필요가 없습니다. 지난 주에 출시된 제품 중 EC2 Instance Connect용 엔드포인트가 가장 마음에 들었습니다. EC2 Instance Connect를 사용하면 AWS Identity and Access Management(IAM) 정책 및 보안 주체로 인스턴스에 대한 SSH 액세스를 제어할 수 있습니다. 따라서 SSH 키를 공유하고 관리할 필요가 없습니다. 또한 인스턴스 ID만 사용하여 인스턴스에 보안 터널을 쉽게 연결하거나 열 수 있도록 AWS Command Line Interface(AWS CLI)도 업데이트되었습니다. 소셜 미디어에서 AWS Systems Manager Session Manager가 이미 유사한 기능을 제공한다고 지적한 몇 개의 스레드를 읽고 기고했습니다. 맞는 말이지만 EC2 Instance Connect 엔드포인트는 scp 명령과 [ more… ]

No Image

LSN-0095-1: Kernel Live Patch Security Notice

2023-06-21 KENNETH 0

LSN-0095-1: Kernel Live Patch Security Notice It was discovered that the OverlayFS implementation in the Linux kernel did not properly handle copy up operation in some conditions. A local attacker could possibly use this to gain elevated privileges.(CVE-2023-0386) It was discovered that the Broadcom FullMAC USB WiFi driver in the Linux kernel did not properly perform data buffer size validation in some situations. A physically proximate attacker could use this to craft a malicious USB device that when inserted, could cause a denial of service (system crash) or possibly expose sensitive information.(CVE-2023-1380) It was discovered that a race condition existed in the io_uring subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.(CVE-2023-1872) Jean-Baptiste Cayrou discovered that the shiftfs file system [ more… ]

No Image

USN-6182-1: pngcheck vulnerabilities

2023-06-21 KENNETH 0

USN-6182-1: pngcheck vulnerabilities It was discovered that pngcheck incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. Source: USN-6182-1: pngcheck vulnerabilities

No Image

USN-6181-1: Ruby vulnerabilities

2023-06-21 KENNETH 0

USN-6181-1: Ruby vulnerabilities Hiroshi Tokumaru discovered that Ruby did not properly handle certain user input for applications the generate HTTP responses using cgi gem. An attacker could possibly use this issue to maliciously modify the response a user would receive from a vulnerable application. This issue only affected Ubuntu 22.10. (CVE-2021-33621) It was discovered that Ruby incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a denial of service. (CVE-2023-28755, CVE-2023-28756) Source: USN-6181-1: Ruby vulnerabilities