-- Leo's gemini proxy
-- Connecting to gemini.tuxmachines.org:1965...
-- Connected
-- Sending request
-- Meta line: 20 text/gemini;lang=en-GB
Tux Machines
Posted by Roy Schestowitz on Oct 11, 2022
> This new intelligence sharing initiative aims to reduce the window of opportunity threat actors have to exploit newly-disclosed vulnerabilities, allowing security teams and system administrators to address attack paths before hackers can take advantage. AlmaLinux, Canonical, CIQ, GreyNoise and TuxCare [the new brand name for CloudLinux Enterprise services] are the five inaugural members of this growing network.
> CISA has released three Industrial Control Systems (ICS) advisories on October 11, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
> This release includes security fixes in Go 1.18.7 (released 2022-10-04) for the archive/tar, net/http/httputil, and regexp packages. This release also includes fixes to improve robustness. This release note describes what is different between Istio 1.14.4 and Istio 1.14.5.
> This release includes security fixes in Go 1.19.2 (released 2022-10-04) for the archive/tar, net/http/httputil, and regexp packages. This release contains bug fixes to improve robustness. This release note describes what is different between Istio 1.15.1 and Istio 1.15.2.
> This release contains a patch for CVE-2022-41715 and bug fixes to improve robustness. This release note describes what is different between Istio 1.13.8 and Istio 1.13.9.
> Microsoft has released patches for 84 vulnerabilities in its products on its monthly Patch Tuesday, but failed to deliver fixes for two zero-day flaws in versions of Exchange Server that were reported publicly on 29 September.
> The Security Response Team at Tenable said in a blog post that the 84 CVEs which were issued included two critical flaws.
> Microsoft issued a statement, listing security updates for vulnerabilities in Exchange Server 2013, Exchange Server 2016 and Exchange Server 2019.
> As iTWire reported, based on tweets from British security expert Kevin Beaumont, the two zero-days are similar to the ProxyShell vulnerability for which updates were issued by Microsoft in May and July last year.
> Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker can exploit some of these vulnerabilities to take control of an affected system.
> CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. This type of vulnerability is a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: To view the newly added vulnerabilities in the catalog, click on the arrow in the "Date Added to Catalog" column, which will sort by descending dates.
-- Response ended
-- Page fetched on Thu Jun 13 08:13:36 2024