Articles by KENNETH

About KENNETH
지락문화예술공작단
No Image

USN-5663-1: Thunderbird vulnerabilities

2022-10-08 KENNETH 0

USN-5663-1: Thunderbird vulnerabilities Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, spoof the mouse pointer position, obtain sensitive information, spoof the contents of the addressbar, bypass security restrictions, or execute arbitrary code. (CVE-2022-2505, CVE-2022-36318, CVE-2022-36319, CVE-2022-38472, CVE-2022-38473, CVE-2022-38476 CVE-2022-38477, CVE-2022-38478) Multiple security issues were discovered in Thunderbird. An attacker could potentially exploit these in order to determine when a user opens a specially crafted message. (CVE-2022-3032, CVE-2022-3034) It was discovered that Thunderbird did not correctly handle HTML messages that contain a meta tag in some circumstances. If a user were tricked into replying to a specially crafted message, an attacker could potentially exploit this to obtain sensitive information. (CVE-2022-3033) A security issue was discovered [ more… ]

No Image

Microsoft Pluton helps secure AMD-powered Acer Swift Edge

2022-10-07 KENNETH 0

Microsoft Pluton helps secure AMD-powered Acer Swift Edge On-the-go professionals looking for the right PC for their hybrid work lives now have another choice: the Acer Swift Edge, a lightweight 16-inch OLED Windows 11 PC laptop powered by AMD Ryzen PRO 6000 series and AMD Ryzen 6000 processors and up to eight high performance Zen 3+ cores built on advanced 6 nm process technology. For IT administrators, AMD PRO technologies deliver multilayered security features to help keep threats at bay, and comprehensive manageability options that scale for long-term stability and reliability. The Acer Swift Edge comes with the Microsoft Pluton, a security processor designed by Microsoft that hardens new Windows 11 PCs with additional protection for sensitive assets such as credentials and encryption keys. To further keep users at ease, the addition of biometric authentication and a Noble Wedge Lock [ more… ]

No Image

USN-5371-3: nginx vulnerability

2022-10-07 KENNETH 0

USN-5371-3: nginx vulnerability USN-5371-1 and USN-5371-2 fixed several vulnerabilities in nginx. This update provides the corresponding update for CVE-2020-11724 for Ubuntu 16.04 ESM. Original advisory details: It was discovered that nginx Lua module mishandled certain inputs. An attacker could possibly use this issue to perform an HTTP Request Smuggling attack. This issue was fixed for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-11724) It was discovered that nginx Lua module mishandled certain inputs. An attacker could possibly use this issue to disclose sensitive information. This issue only affects Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-36309) It was discovered that nginx mishandled the use of compatible certificates among multiple encryption protocols. If a remote attacker were able to intercept the communication, this issue could be used to redirect traffic between subdomains. (CVE-2021-3618) Source: USN-5371-3: nginx vulnerability

최신 AWS 서울 리전 출시 소식 – AWS Cloud WAN, Amazon EMR Serverless 및 SageMaker Canvas 등

2022-10-07 KENNETH 0

최신 AWS 서울 리전 출시 소식 – AWS Cloud WAN, Amazon EMR Serverless 및 SageMaker Canvas 등 AWS는 200여개가 넘는 클라우드 서비스를 빠르게 서울 리전에 선보이도록 노력하고 있습니다. 지난 9월에도 다양한 신규 서비스가 서울 리전에 출시되었기에 여러분에게 정리해서 다시 한번 알려드립니다. Amazon DevOps Guru for RDS 서울 리전 출시 (9월 27일) Amazon DevOps Guru for RDS는 개발자 및 데브옵스 엔지니어가 Amazon RDS의 다양한 데이터베이스 관련 문제를 빠르게 탐지, 진단 및 해결하도록 설계된 새로운 기계 학습 기반 기능입니다. DevOps Guru for RDS가 데이터베이스 관련 문제(예: 리소스 과다 사용, 특정 SQL 쿼리의 잘못된 동작)를 탐지하면 서비스는 즉시 사용자에게 알리고 진단 정보, 문제 범위에 대한 세부 정보, 지능형 권장 사항을 제공하여 고객의 신속한 문제 해결을 지원합니다. DevOps Guru for RDS를 사용하면 수동 단계, 기계 학습 전문 지식, 심오한 데이터베이스 전문 지식이 없어도 데이터베이스의 성능 병목 현상 및 운영 문제를 모니터링할 수 있습니다. Amazon [ more… ]

No Image

[get Server!]톡 안의 신분 증명, 카카오 지갑

2022-10-07 KENNETH 0

[get Server!]톡 안의 신분 증명, 카카오 지갑 스마트폰이 보급화 되고 모바일 페이 서비스가 강력해지면서 점점 휴대폰만 들고 다니는 사람들이 많아지고 있지만, 신분 증명을 위해서는 여전히 실물 주민등록증과 운전면허증이 필요합니다. 카카오 지갑 서비스개발파트에서는 이런 영역까지 스마트폰 하나로 가능한 “카카오 지갑” 서비스를 만들고 있습니다. 나의 지갑을 완전하게 대체해줄 카카오톡 지갑 서비스에서 함께 일할 개발자들을 찾고 있습니다.   우리의 서비스 톡 더보기 탭의 카카오톡 지갑 […] Source: [get Server!]톡 안의 신분 증명, 카카오 지갑