21 Articles
5 Categories
Date: 2023-06-29
🐛 COMMON VULNERABILITIES AND EXPOSURES (10)

29 Jun: CVE-2023-24897 .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability
Revised the Security Updates table to include PowerShell 7.2 because this version of PowerShell 7 is affected by this vulnerability. See [https://github.com/PowerShell/Announcements/issues/40](https://github.com/PowerShell/Announcements/issues/40) for more information.
Source: MSRC.MICROSOFT.COM

29 Jun: CVE-2023-24895 .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability
Revised the Security Updates table to include PowerShell 7.2 and PowerShell 7.3 because these versions of PowerShell 7 are affected by this vulnerability. See [https://github.com/PowerShell/Announcements/issues/41](https://github.com/PowerShell/Announcements/issues/41) for more i…
Source: MSRC.MICROSOFT.COM

29 Jun: CVE-2023-29331 .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability
Revised the Security Updates table to include PowerShell 7.2 and PowerShell 7.3 because these versions of PowerShell 7 are affected by this vulnerability. See [https://github.com/PowerShell/Announcements/issues/44](https://github.com/PowerShell/Announcements/issues/44) for more i…
Source: MSRC.MICROSOFT.COM

29 Jun: CVE-2023-32032 .NET and Visual Studio Elevation of Privilege Vulnerability
Revised the Security Updates table to include PowerShell 7.3 because this version of PowerShell 7 is affected by this vulnerability. See [https://github.com/PowerShell/Announcements/issues/45](https://github.com/PowerShell/Announcements/issues/45) for more information.
Source: MSRC.MICROSOFT.COM

29 Jun: CVE-2023-33126 .NET and Visual Studio Remote Code Execution Vulnerability
Revised the Security Updates table to include PowerShell 7.2 because this version of PowerShell 7 is affected by this vulnerability. See [https://github.com/PowerShell/Announcements/issues/46](https://github.com/PowerShell/Announcements/issues/46) for more information.
Source: MSRC.MICROSOFT.COM

29 Jun: CVE-2023-33128 .NET and Visual Studio Remote Code Execution Vulnerability
Revised the Security Updates table to include PowerShell 7.3 because this version of PowerShell 7 is affected by this vulnerability. See [https://github.com/PowerShell/Announcements/issues/47](https://github.com/PowerShell/Announcements/issues/47) for more information.
Source: MSRC.MICROSOFT.COM

29 Jun: Chromium: CVE-2023-3420 Type Confusion in V8
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2023) for more information.
Source: MSRC.MICROSOFT.COM

29 Jun: Chromium: CVE-2023-3421 Use after free in Media
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2023) for more information.
Source: MSRC.MICROSOFT.COM

29 Jun: Chromium: CVE-2023-3422 Use after free in Guest View
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2023) for more information.
Source: MSRC.MICROSOFT.COM

29 Jun: CVE-2023-23383 Service Fabric Explorer Spoofing Vulnerability
Corrected Download and Article links in the Security Updates table. This is an informational change only.
Source: MSRC.MICROSOFT.COM

⚠️ VULNERABILITY DISCLOSURE (2)

29 Jun: Log Centralization: The End Is Nigh?
So I woke up the other day [A.C. — well, the other year as this blog has lingered] with the scary thought: what if we will run out of the opportunities to centralize logs for security (and compliance) purposes at some point in the future. Or, as I pithily put it on Twitter: ( s…
Source: MEDIUM.COM

29 Jun: Brave aims to curb practice of websites that port scan visitors
submitted by ndotb to security | 8 points | 1 comments
https://arstechnica.com/security/2023/06/brave-will-soon-control-which-sites-can-access-your-local-network-resources/
Yeah, uh… at least ublock’s EasyPrivacy list catches most of them
Source: ARSTECHNICA.COM

📢 SECURITY ADVISORIES (2)

29 Jun: Patch me if you can: Cyberattack Series
The Microsoft Incident Response team takes swift action to help contain a ransomware attack and regain positive administrative control of the customer environment. The post Patch me if you can: Cyberattack Series appeared first on Microsoft Security Blog.
Source: MICROSOFT.COM

29 Jun: Meet NIST Compliance Standards Using Automation
Achieve NIST compliance for your business without slowing down your team.
Source: TRENDMICRO.COM

🕵️ THREAT INTELLIGENCE (3)

29 Jun: Gmail client-side encryption: A deep dive
Nicolas Lidzborski, Principal Engineer and Jaishankar Sundararaman, Sr. Director of Engineering, Google Workspace
In February, we expanded Google Workspace client-side encryption (CSE) capabilities to include Gmail and Calendar in addition to Drive, Docs, Slides, Sheets, and Mee…
Source: SECURITY.GOOGLEBLOG.COM

29 Jun: Building Chainguard's container image registry
submitted by 0xCBE to cloudsecurity | 5 points | 0 comments
https://www.chainguard.dev/unchained/building-chainguards-container-image-registry
We’ve made a few changes to the way we host and distribute our Images over the last year to increase security, give ourselves more control …
Source: CHAINGUARD.DEV

29 Jun: Kubernetes Security Basics Series Part I - Deployment and Container Orchestration
submitted by 0xCBE to cloudsecurity | 6 points | 0 comments
https://ksoc.com/blog/kubernetes-security-basics-series-part-i-deployment-and-container-orchestration
This first post in a 9-part series on Kubernetes Security basics focuses on DevOps culture, container-related threats an…
Source: KSOC.COM

📡 INFOSEC NEWS (4)

29 Jun: Russian Cybersecurity Executive Arrested for Alleged Role in 2012 Megahacks
Nikita Kislitsin, formerly the head of network security for one of Russia's top cybersecurity firms, was arrested last week in Kazakhstan in response to 10-year-old hacking charges from the U.S. Department of Justice. Experts say Kislitsin's prosecution could soon put the Kazakhs…
Source: KREBSONSECURITY.COM

29 Jun: Human vs Machine Identity Risk Management
In today's business world's dynamic and ever-changing digital landscape, organizations encounter escalating security challenges that demand a more business-friendly and pertinent approach.
Source: TRENDMICRO.COM

29 Jun: Employee monitoring: Is ‘bossware’ right for your company?
While employee monitoring software may boost productivity, it may also be a potential privacy minefield and it can affect your relationship with your employees
Source: WELIVESECURITY.COM