Cybersecurity Starts in the Boardroom
Among the vendors using uClibc and the uClibc variant uClibc-ng are Linksys, Netgear, Axis and Gentoo an embedded Linux distribution. This page from Ars Technica has links to the impacted devices: Gear from Netgear, Linksys, and 200 others has unpatched DNS poisoning flaw | Ars Technica Vendors were informed of …
Continue reading “Flaw discovered in third-party code libraries used by hundreds of vendors”
Critical vulnerabilities have been discovered in these devices. No exploits have been reported in the wild – but patches are available – so get patching. Critical flaws in ‘millions of Aruba, Avaya switches’ • The Register
Google Releases Security Updates for Chrome | CISA Cisco Releases Security Updates for Multiple Products | CISA These advisories are issued by the US Government’s Cybersecurity and Infrastructure Security Agency (CISA). The usual applies – check your cybersecurity business information, to see if this impacts you and then get it …
Continue reading “CISA updates to be aware for Cisco devices and Google Chrome”
This post was first made on 27 April 2022 Here is an article from Microsoft examining an issue with Linux, where user privileges can be elevated by stringing together a number of vulnerabilities. Microsoft finds new elevation of privilege Linux vulnerability, Nimbuspwn – Microsoft Security Blog If you use Linux …
Continue reading “Linux vulnerability – Nimbuspwn UPDATED 28 April 2022”
Zero-Days – will always be a problem and both Google and Mandiant are reporting rises in such exploitations in 2021. I have reported on this before but the point that comes out in Bruce Schneier’s piece is the numbers these research groups are reporting are detected or declared Zero-Days. What …
