No Image

USN-5345-1: Thunderbird vulnerabilities

2022-03-24 KENNETH 0

USN-5345-1: Thunderbird vulnerabilities Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, bypass security restrictions, obtain sensitive information, cause undefined behaviour, spoof the browser UI, or execute arbitrary code. (CVE-2022-22759, CVE-2022-22760, CVE-2022-22761, CVE-2022-22763, CVE-2022-22764, CVE-2022-26381, CVE-2022-26383, CVE-2022-26384) It was discovered that extensions of a particular type could auto-update themselves and bypass the prompt that requests permissions. If a user were tricked into installing a specially crafted extension, an attacker could potentially exploit this to bypass security restrictions. (CVE-2022-22754) It was discovered that dragging and dropping an image into a folder could result in it being marked as executable. If a user were tricked into dragging and dropping a specially crafted image, an attacker could potentially [ more… ]

No Image

Get more Halo on Xbox Game Pass Ultimate with Paramount+

2022-03-24 KENNETH 0

Get more Halo on Xbox Game Pass Ultimate with Paramount+ Starting Wednesday, Xbox Game Pass Ultimate members will be able to stream A Mountain of Entertainment, including the Paramount+ Original Series, “Halo,” premiering on March 24, along with other exclusive originals, big movies and more with a 30-day free trial to Paramount+ via Perks. Ultimate members who are new to Paramount+ will be eligible to claim the 30-day subscription trial through the Perks gallery on the Xbox app on Windows PCs, on their Xbox console or through the Xbox Game Pass mobile app on iOS and Android. Once the Perk is claimed, members will be directed to the Paramount+ site to activate their trial. The Paramount+ app is also available to download and use on Windows PCs in select regions, on your Xbox Series X|S and Xbox One consoles. Head over to Xbox [ more… ]

NGINX Tutorial: Improve Uptime and Resilience with a Canary Deployment 

2022-03-24 KENNETH 0

NGINX Tutorial: Improve Uptime and Resilience with a Canary Deployment  Note: This tutorial is part of Microservices March 2022: Kubernetes Networking. Reduce Kubernetes Latency with Autoscaling Protect Kubernetes APIs with Rate Limiting Protect Kubernetes Apps from SQL Injection Improve Uptime and Resilience with a Canary Deployment (this post) Your organization is successfully delivering apps in Kubernetes and now the team is ready to roll out v2 of a backend service. But there are valid concerns about traffic interruptions (a.k.a. downtime) and the possibility that v2 might be unstable. As the Kubernetes engineer, you need to find a way to ensure v2 can be tested and rolled out with little to no impact on customers. You decide to implement a gradual, controlled migration using the traffic splitting technique “canary deployment” because it provides a safe and agile way to test the [ more… ]

No Image

Announcing Windows 11 Insider Preview Build 22581

2022-03-24 KENNETH 0

Announcing Windows 11 Insider Preview Build 22581 Hello Windows Insiders, today we are releasing Windows 11 Insider Preview Build 22581 to the Dev and Beta Channels. TL;DR Build 22581 is also being flighted to Windows Insiders in the Beta Channel. Now that the Dev and Beta Channels are receiving the same builds, the limited window has opened for Insiders to switch channels if desired. Please read the details below about the limited window to switch channels and what happens when the window closes. The time is now for you to make sure you’re in the channel you want to be going forward! We also have a handful of improvements and fixes to some issues, see below for more details. If you missed yesterday’s webcast, you can watch it on demand here. This month’s webcast featured guests from the team responsible [ more… ]

No Image

LSN-0085-1: Kernel Live Patch Security Notice

2022-03-23 KENNETH 0

LSN-0085-1: Kernel Live Patch Security Notice Yiqi Sun and Kevin Wang discovered that the cgroups implementation in the Linux kernel did not properly restrict access to the cgroups v1 release_agent feature. A local attacker could use this to gain administrative privileges.(CVE-2022-0492) Nick Gregory discovered that the Linux kernel incorrectly handled network offload functionality. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.(CVE-2022-25636) Source: LSN-0085-1: Kernel Live Patch Security Notice