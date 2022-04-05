Security Leftovers
-
CISA Temporarily Removes CVE-2022-26925 from Known Exploited Vulnerability Catalog [Ed: Almost as if Microsoft controls CISA "from the inside". They certainly control the narrative there as CISA rarely mentions Windows or Microsoft, except in a positive context.]
CISA is temporarily removing CVE-2022-26925 from its Known Exploited Vulnerability Catalog due to a risk of authentication failures when the May 10, 2022 Microsoft rollup update is applied to domain controllers. After installing May 10, 2022 rollup update on domain controllers, organizations might experience authentication failures on the server or client for services, such as Network Policy Server (NPS), Routing and Remote access Service (RRAS), Radius, Extensible Authentication Protocol (EAP), and Protected Extensible Authentication Protocol (PEAP). Microsoft notified CISA of this issue, which is related to how the mapping of certificates to machine accounts is being handled by the domain controller.
-
Microsoft: Sysrv botnet targets Windows, Linux servers with new exploits [Ed: This has nothing to do with Linux, but Microsoft-connected sites post garbage like that]
Microsoft says the Sysrv botnet is now exploiting vulnerabilities in the Spring Framework and WordPress to ensnare and deploy cryptomining malware on vulnerable Windows and Linux servers.
-
Vulnerability in Zyxel firewalls allowing code execution without authentication - LinuxStoney
in Zyxel’s ATP, VPN, and USG FLEX series devices designed for enterprise firewalls, IDS, and VPNs has been identified critical vulnerability (CVE-2022-30525) To carry out an attack, an attacker must be able to send requests to the device via the HTTP/HTTPS protocol. Zyxel vulnerability in the ZLD 5.30 firmware update. According to the Shodan service, there are currently 16,213 potentially vulnerable devices on the global network that accept requests via HTTP/HTTPS.
Operation is performed by sending specially designed commands to the /ztp/cgi-bin/handler web handler, accessible without authentication. The problem caused by the lack of proper cleaning of query parameters when executing commands in the system using the os.system call used in the lib_wan_settings.py library and performed when processing the setWanPortSt operation.
-
- Login or register to post comments
- Printer-friendly version
- 329 reads
- PDF version
More in Tux Machines
- Highlights
- Front Page
- Latest Headlines
- Archive
- Recent comments
- All-Time Popular Stories
- Hot Topics
- New Members
today's howtos
DeaDBeeF 1.9.0 Released! How to install it in Ubuntu 22.04
DeaDBeeF music player released new 1.9.0 version a day ago. Here’s what’s new and how to install the application in Ubuntu. DeaDBeeF is one of my favorite music players, especially for its design mode. Glory to Ukraine! In this release you’ll see two little hearts (in blue and yellow) in the title bar of app window.
Distrobox is Awesome
When I started using Distrobox, I started wondering what are the limits of what I could do with this system? I was able to install my favorite Usenet newsreader, Knode from Debian 8, and openSUSE on whatever system I wanted. It opened whole new doors for experimenting with software that may be long forgotten. Could I run a simple windows manager like i3, Sway, or IceWM in Distrobox? It took some trial and error, but yes I could. Now, with that said, we are working with containers. When you run an application in Distrobox, it mainly sees your actual home directory. Outside of your home directory, it sees the container’s filesystem. If you save something to your home directory, it gets saved to your real home directory and you can open it up like you could normally. If you save something to /usr/local/ or any other directory outside of your home directory, it will only be saved in the container and not to your actual base filesystem. Also: f2fscrypt utility compiled statically in OE
Fedora Family / Red Hat Leftovers
Recent comments
1 min ago
6 min 40 sec ago
9 min 50 sec ago
31 min 42 sec ago
1 hour 32 min ago
2 hours 18 min ago
5 hours 42 min ago
11 hours 5 min ago
13 hours 2 min ago
20 hours 26 min ago