Microsoft Edge and Interop 2022

2022-03-04 KENNETH 0

Last year, the Compat 2021 effort made tangible progress on improving five of the top pain points for web developers. Microsoft, in collaboration with Google and Igalia, contributed a rewrite of the CSS Grid module in Blink, along with bug fixes for CSS Transforms. Representatives from Apple, Bocoup, Google, Igalia, Microsoft, and Mozilla collectively agreed that the effort’s name did not accurately reflect its intent to address core interoperability gaps between browsers. This year, Microsoft is again pleased to announce its participation in the more aptly named Interop 2022 effort. While Microsoft will be primarily focused on shipping CSS Subgrid support, this is only one of the fifteen areas of interoperability that Interop 2022 will focus on. These include longstanding areas of developer frustration, along with frequently requested new features that web developers will be [ more… ]

USN-5311-1: containerd vulnerability

2022-03-03 KENNETH 0

It was discovered that containerd allows attackers to gain access to read-only copies of arbitrary files and directories on the host via a specially-crafted image configuration. An attacker could possibly use this issue to obtain sensitive information. Source: USN-5311-1: containerd vulnerability

USN-5300-2: PHP vulnerabilities

2022-03-03 KENNETH 0

USN-5300-1 fixed vulnerabilities in PHP. This update provides the corresponding updates for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. Original advisory details:

It was discovered that PHP incorrectly handled certain scripts. An attacker could possibly use this issue to cause a denial of service. (CVE-2015-9253, CVE-2017-8923, CVE-2017-9118, CVE-2017-9120)

It was discovered that PHP incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service, or possibly obtain sensitive information. (CVE-2017-9119)

It was discovered that PHP incorrectly handled certain scripts with XML parsing functions. An attacker could possibly use this issue to obtain sensitive information. (CVE-2021-21707)

Source: USN-5300-2: PHP vulnerabilities

USN-5312-1: HAProxy vulnerability

2022-03-03 KENNETH 0

It was discovered that HAProxy incorrectly handled certain headers. A remote attacker could possibly use this issue to cause HAProxy to stop responding, resulting in a denial of service. Source: USN-5312-1: HAProxy vulnerability

Best Practices for Cross-Region Aggregation of Security Findings with AWS Security Hub

2022-03-03 KENNETH 0

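AWS Security Hub aggregates security alerts from a range of AWS services and partner products in a standardized format, giving customers a centralized view of their security posture across their AWS environment. This lets customers respond to discovered security issues more quickly and effectively. So that the security posture across the customer's environment can be managed centrally, Security Hub lets you designate an aggregation Region in which findings from some or all Regions are shown, and this is linked to a single aggregation area for the delegated AWS administrator account. In other words, all security issues found in all of the customer's accounts and all linked Regions are centrally managed through Security Hub in the aggregation Region. Using this feature, customers can maintain a high level of security by managing security issues across their AWS environment without gaps, and can reduce operating costs by using resources efficiently. This post aims to provide best practices for using Security Hub across multiple Regions. [ more… ]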