-- Leo's gemini proxy
-- Connecting to gemini.tuxmachines.org:1965...
-- Connected
-- Sending request
-- Meta line: 20 text/gemini;lang=en-GB
Tux Machines
Posted by Roy Schestowitz on Jul 23, 2023
> China-linked APT actors could have single-hop access to the gamut of Microsoft cloud services and apps, including SharePoint, Teams, and OneDrive, among many others.
> The company is mentioned in that same post as having checked the content for technical accuracy. Shir Tamari, a researcher from cloud security firm Wiz, said very clearly: "..we want to thank the Microsoft team for working closely with us on this blog and helping us ensure it is technically accurate."
> Microsoft's obfuscation was made to the CIA-funded site, The Record. The software giant has not put out any official post on this. While some others have pointed out the company's double-speak on the issue, no American tech site has written it up and focused on the fact that Microsoft is saying one thing now, having said precisely the opposite earlier.
> The Record quotes a Microsoft spokesperson as saying: "Many of the claims made in this blog are speculative and not evidence-based. We’ve also recently expanded security logging availability, making it free for more customers by default, to help enterprises manage an increasingly complex threat landscape.”
> Hosts Sophia d'Antoine and Ian Roos presented the list at Summercon in Brooklyn, where they also handed out a surprise Lifetime Achievement Award.
> Multiple significant security vulnerabilities have been discovered in the Linux kernel, including a remotely exploitable null pointer dereference flaw in the networking protocol (CVE-2023-3338), use-after-free vulnerabilities in kernel's netfilter subsystem in net/netfilter/nf_tables_api.c (CVE-2023-3390) and nft_chain_lookup_byid() (CVE-2023-31248), and an out-of-bounds read/write vulnerability (CVE-2023-35001). These bugs are easy to exploit and pose a severe risk to your system's confidentiality, integrity, and availability. As a result, they have received a National Vulnerability Database severity rating of ''High''.
-- Response ended
-- Page fetched on Fri Jun 14 02:20:01 2024