Security – Microsoft and Linux Bulletins
News, Alerts and Security Bulletins for Microsoft and Linux
- Vulnerability Descriptions in the New Version of the Security Update Guide by MSRC Team on 9 November 2020 at 9:30 pm
With the launch of the new version of the Security Update Guide, Microsoft is demonstrating its commitment to industry standards by describing the vulnerabilities with the Common Vulnerability Scoring System (CVSS). This is a precise method that describes the vulnerability with attributes such as the attack vector, the complexity of the attack, whether an adversary …
- Attacks exploiting Netlogon vulnerability (CVE-2020-1472) by Aanchal Gupta on 29 October 2020 at 8:02 pm
Microsoft has received a small number of reports from customers and others about continued activity exploiting a vulnerability affecting the Netlogon protocol (CVE-2020-1472) which was previously addressed in security updates starting on August 11, 2020. If the original guidance is not applied, the vulnerability could allow an attacker to spoof a domain controller account that could be …
- Announcing the Top MSRC 2020 Q3 Security Researchers by Sylvie Liu on 15 October 2020 at 4:00 pm
Following the MSRC’s 2020 Most Valuable Security Researchers announced during this year’s Black Hat, we’re excited to announce the top contributing researchers for the 2020 Third Quarter (Q3)! The top three researchers of the 2020 Q3 Security Researcher Leaderboard are: David Dworken (1800 points), Cameron Vincent (1780 points), and Yuki Chen (1380 points). Congratulations to …
- Security Analysis of CHERI ISA by MSRC Team on 14 October 2020 at 7:30 pm
Is it possible to get to a state where memory safety issues would be deterministically mitigated? Our quest to mitigate memory corruption vulnerabilities led us to examine CHERI (Capability Hardware Enhanced RISC Instructions), which provides memory protection features against many exploited vulnerabilities, or in other words, an architectural solution that breaks exploits. We’ve looked at …
- Concluding the Azure Sphere Security Research Challenge, Microsoft Awards $374,300 to Global Security Research Community by Sylvie Liu on 6 October 2020 at 3:59 pm
The Azure Sphere Security Research Challenge brought together 70 researchers from 21 countries to help secure Azure Sphere customers and expand Microsoft’s partnerships with the global IoT security research community. During the three-month Azure Sphere Security Research Challenge, researchers surfaced 20 Critical or Important severity security vulnerabilities, with Microsoft awarding $374,300 in bounty awards for …
- New and improved Security Update Guide! by msrc on 21 September 2020 at 10:24 pm
We’re excited to announce a significant update to the Security Update Guide, our one-stop site for information about all security updates provided by Microsoft. This new version will provide a more intuitive user experience to help protect our customers regardless of what Microsoft products or services they use in their environment. We’ve listened to your feedback and incorporated many …
- What to Expect When Reporting Vulnerabilities to Microsoft by MSRC Team on 21 September 2020 at 5:00 pm
At the Microsoft Security Response Center (MSRC), our primary mission is to help protect our customers. One of the ways we do this is by working with security researchers to discover security vulnerabilities in our services and products, and then making sure those that pose a threat to customers get fixed. Many researchers report these …
- Control Flow Guard for Clang/LLVM and Rust by MSRC Team on 17 August 2020 at 4:45 pm
As part of our ongoing efforts towards safer systems programming, we’re pleased to announce that Windows Control Flow Guard (CFG) support is now available in the Clang C/C++ compiler and Rust. What is Control Flow Guard? CFG is a platform security technology designed to enforce control flow integrity. It has been available since Windows 8.1 …
- Congratulations to the MSRC’s 2020 Most Valuable Security Researchers by Sylvie Liu on 5 August 2020 at 4:00 pm
Today we announce our Most Valuable Security Researchers for 2020! The MSRC Researcher Recognition program is an integral aspect of recognizing the ongoing partnerships with our community of talented security researchers who report through Coordinated Vulnerability Disclosure (CVD). These recognitions run throughout specific periods of the year and provide regular opportunities to recognize those who …
- Microsoft Bug Bounty Programs Year in Review: $13.7M in Rewards by Jarek Stanley on 4 August 2020 at 3:58 pm
Security researchers are a vital component of the cybersecurity ecosystem that safeguards every facet of digital life and commerce. The researchers who devote time to uncovering and reporting security issues before adversaries can exploit them have earned our collective respect and gratitude. The security landscape is constantly changing with emerging technology and new threats. By …
- Fedora 32: moodle 2020-db73e37548 by LinuxSecurity Advisories on 27 November 2020 at 9:10 pm
Fix for multiple CVEs
- Fedora 33: pam 2020-22532a1a81 by LinuxSecurity Advisories on 27 November 2020 at 9:05 pm
fix CVE-2020-27780: authentication bypass when the user doesn't exist
- Fedora 33: asterisk 2020-6b277646c7 by LinuxSecurity Advisories on 27 November 2020 at 9:04 pm
Update to upstream 17.9.0 for bug and security fixes
- Fedora 33: moodle 2020-304aa2c365 by LinuxSecurity Advisories on 27 November 2020 at 9:04 pm
Fix for multiple CVEs
- Fedora 33: c-ares 2020-7473744de1 by LinuxSecurity Advisories on 27 November 2020 at 9:04 pm
Security fix for CVE-2020-8277.
- Mageia 2020-0441: webkit2 security update by LinuxSecurity Advisories on 27 November 2020 at 4:15 pm
The webkit2 package has been updated to version 2.30.3, fixing several security issues and other bugs. A type confusion issue may lead to arbitrary code execution with maliciously crafted web content, fixed with improved memory handling (CVE-2020-9948).
- LibreOffice 7.1 Office Suite Enters Beta, Promises a Plethora of Improvements by Brittany Day on 27 November 2020 at 1:14 pm
The Document Foundation has announced the general availability of the beta version of the LibreOffice 7.1 office suite series, which is due for release in early February 2021. The release promises a selection of improvements and new features, which you can learn more about in this 9 to 5 Linux article.
- Best forensic and pentesting Linux distros of 2020 by Brittany Day on 26 November 2020 at 1:20 pm
Learn about five great forensic and pentesting Linux distros that will help you identify weaknesses in your network.
- OctopusWAF: A Customizable Open-Source WAF for High Performance Applications by Brittany Day on 24 November 2020 at 1:18 pm
- WireGuard Brings Speed and Simplicity to VPN Technology by Brittany Day on 4 November 2020 at 1:00 pm
VPN technology has become a critical part of our digital lives, serving a variety of purposes including securing wireless connections, resolving geographical limitations, reaching prohibited websites and protecting the privacy of sensitive data. However, the unfortunate reality is that many of the VPN protocols on the market today are complex, slow, unstable and insecure. Luckily, the new, innovative WireGuard protocol has demonstrated significant promise in all of these areas - and has earned a place in the mainline Linux kernel as a result. This article will briefly explore VPN protocols and potential concerns when implementing a VPN, and will dive deeper into the unique benefits that WireGuard offers users.