#mac

An update for the virt:rhel and virt-devel:rhel modules is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4144: QEMU: QXL: qxl_phys2virt unsafe address translation can lead to out-of-bounds read

An update for libreoffice is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3140: libreoffice: Macro URL arbitrary script execution * CVE-2022-26305: libreoffice: Execution of Untrusted Macros Due to Improper Certificate Validation * CVE-2022-26306: libreoffice: Static Initialization Vector Allows to Recover Passwords for Web Connections Without Knowing the Master Password * CVE-2022-26307: libreoffice: Weak Master Keys

This Tech Tip outlines the steps enterprise defenders should take as they protect their data in cloud environments in response to the security incident with the CI/CD platform.

Multiple exploitable buffer overflow vulnerabilities exists in the PubNub message handler for the "control" channel of Insteon Hub running firmware version 1012. Specially crafted replies received from the PubNub service can cause buffer overflows on a global section overwriting arbitrary data. An attacker should impersonate PubNub and answer an HTTPS GET request to trigger this vulnerability. The `strcpy` at [18] overflows the buffer `insteon_pubnub.channel_al`, which has a size of 16 bytes.

<p>Cryptology is a young science.</p> <p>Though it has been used for thousands of years to hide secret messages, systematic study of cryptology as a science (and perhaps an art) just started around one hundred years ago.</p> <p>The first known evidence of the use of cryptography (in some form) was found in an inscription carved around 1900 BC, in the main chamber of the tomb of the nobleman <a href="https://en.wikipedia.org/wiki/Khnumhotep_II">Khnumhotep II</a>, in Egypt. T

Current defenses are able to protect against today's AI-enhanced cybersecurity threats, but that won't be the case for long as these attacks become more effective and sophisticated.

Organizations are looking for new methods to safeguard the virtual machines, containers, and workload services they use in the cloud.

A new analysis of Raspberry Robin's attack infrastructure has revealed that it's possible for other threat actors to repurpose the infections for their own malicious activities, making it an even more potent threat. Raspberry Robin (aka QNAP worm), attributed to a threat actor dubbed DEV-0856, is malware that has increasingly come under the radar for being used in attacks aimed at finance,

support_uri parameter in the WARP client local settings file (mdm.xml) lacked proper validation which allowed for privilege escalation and launching an arbitrary executable on the local machine upon clicking on the "Send feedback" option. An attacker with access to the local file system could use a crafted XML config file pointing to a malicious file or set a local path to the executable using Cloudflare Zero Trust Dashboard (for Zero Trust enrolled clients).

Gentoo Linux Security Advisory 202301-9 - A vulnerability has been discovered in protobuf-java which could result in denial of service. Versions less than 3.20.3 are affected.