#vulnerability

Plus: US regulators fine T-Mobile $60 million for mishap with sensitive data, New Zealand approves Kim Dotcom’s US extradition, and San Francisco takes on deepfake porn.

### Impact Due to ReferenceGrant changes not being immediately propagated in Cilium's GatewayAPI controller, Gateway resources are able to access secrets in other namespaces after the associated ReferenceGrant has been revoked. This can lead to Gateways continuing to establish sessions using secrets that they should no longer have access to. ### Patches This issue was resolved in https://github.com/cilium/cilium/pull/34032. This issue affects: - Cilium v1.15 between v1.15.0 and v1.15.7 inclusive - Cilium v1.16.0 This issue has been patched in: - Cilium v1.15.8 - Cilium v1.16.1 ### Workarounds Any modification of a related Gateway/HTTPRoute/GRPCRoute/TCPRoute CRD (for example, adding any label to any of these resources) will trigger a reconciliation of ReferenceGrants on an affected cluster. ### Acknowledgements The Cilium community has worked together with members of Cure53 and Isovalent to prepare these mitigations. Special thanks to @sayboras for resolving this issue. ###...

A large-scale extortion campaign has compromised various organizations by taking advantage of publicly accessible environment variable files (.env) that contain credentials associated with cloud and social media applications. "Multiple security missteps were present in the course of this campaign, including the following: Exposing environment variables, using long-lived credentials, and absence

Ubuntu Security Notice 6964-1 - Noriko Totsuka discovered that ORC incorrectly handled certain crafted file. An attacker could possibly use this issue to execute arbitrary code.

WordPress Shield Security plugin versions 20.0.5 and below cross site scripting exploit that adds an administrative user.

Ubuntu Security Notice 6963-1 - It was discovered that GNOME Shell incorrectly opened the portal helper automatically when detecting a captive network portal. A remote attacker could possibly use this issue to load arbitrary web pages containing JavaScript, leading to resource consumption or other attacks.

Red Hat Security Advisory 2024-5482-03 - A security update is now available for Red Hat JBoss Enterprise Application Platform 8.0. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section. Issues addressed include denial of service and server-side request forgery vulnerabilities.

Red Hat Security Advisory 2024-5481-03 - A security update is now available for Red Hat JBoss Enterprise Application Platform 8.0 for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section. Issues addressed include denial of service and server-side request forgery vulnerabilities.

Ubuntu Security Notice 6962-1 - It was discovered that LibreOffice incorrectly allowed users to enable macros when a cryptographic signature failed to validate. If a user were tricked into opening a specially crafted document, a remote attacker could possibly execute arbitrary macros.

Insurance version 1.2 suffers from an ignored default credential vulnerability.