Security
Headlines
HeadlinesLatestCVEs

Tag

#aws

US and UK Military Social Network “Forces Penpals” Exposes SSN, PII Data

Forces Penpals, a social network for US and UK military personnel, exposed the sensitive data of 1.1M users,…

HackRead
#web#ios#android#aws
Ubuntu Security Notice USN-7120-2

Ubuntu Security Notice 7120-2 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

Ubuntu Security Notice USN-7121-1

Ubuntu Security Notice 7121-1 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

Ubuntu Security Notice USN-7120-1

Ubuntu Security Notice 7120-1 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

Qualys released QScanner – a console vulnerability scanner for container images

Qualys released QScanner – a console vulnerability scanner for container images. Feed it an image and get a list of vulnerabilities (a la Trivy). It supports: “Local Runtimes: Scan images from Docker, Containerd, or Podman.Local Archives: Analyze Docker images or OCI layouts from local files.Remote Registries: Connect to AWS ECR, Azure Container Registry, JFrog, GHCR, […]

Ubuntu Security Notice USN-7110-1

Ubuntu Security Notice 7110-1 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

Cloud Ransomware Flexes Fresh Scripts Against Web Apps

Cloud service providers are getting better at protecting data, pushing adversaries to develop new cloud ransomware scripts to target PHP applications, a new report says.

GHSA-rp9h-rf7g-hwgr: s2n-tls has undefined behavior at process exit

### Impact s2n-tls uses the Linux atexit function to register functions that clean up the global state when the process exits. In multi-threaded environments, the atexit handler may clean up state which is still in use by other threads. When this occurs, the exiting process may experience a segmentation fault or other undefined behavior. Customers of AWS services do not need to take action. Applications using s2n-tls should upgrade to the most recent release of s2n-tls. **Impacted versions**: < v1.5.9. ### Patches The patch commit [493b771](https://github.com/aws/s2n-tls/commit/493b77167dc367c394de23cfe78a029298e2a254) is included in s2n-tls v1.5.9 [1] ### Workarounds The atexit handler may be disabled by calling `s2n_disable_atexit()` prior to initializing s2n-tls. The atexit handler is off by default in the patched versions. For further details, refer to [s2n-tls Usage Guide: Initialization and Teardown](https://github.com/aws/s2n-tls/blob/main/docs/usage-guide/topics/ch02-initi...

Ubuntu Security Notice USN-7100-2

Ubuntu Security Notice 7100-2 - Supraja Sridhara, Benedict Schlüter, Mark Kuhne, Andrin Bertschi, and Shweta Shinde discovered that the Confidential Computing framework in the Linux kernel for x86 platforms did not properly handle 32-bit emulation on TDX and SEV. An attacker with access to the VMM could use this to cause a denial of service or possibly execute arbitrary code. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

Amazon Employee Data Compromised in MOVEit Breach

The data leak was not actually due to a breach in Amazon's systems but rather that of a third-party vendor; the supply chain incident affected several other clients as well.