KB5034862: Servicing stack update for Windows Server 2016: February 13, 2024

KB5034862: Servicing stack update for Windows Server 2016: February 13, 2024 REMINDER Windows 10, version 1607 Mobile and Mobile Enterprise editions reached the end of support EOS on October 9, 2018. These editions will no longer be offered servicing stack updates.Windows 10, version 1607 IoT Cor...

KB5034864: Servicing stack update for Windows 10: February 13, 2024

KB5034864: Servicing stack update for Windows 10: February 13, 2024 REMINDER Windows 10, version 1507 reached the end of support EOS on May 9, 2017 for devices running the Pro, Home, Enterprise, Education, and Enterprise LoT editions. After April 9, 2019, these devices are no longer offered...

CISA and OpenSSF Release Framework for Package Repository Security

The U.S. Cybersecurity and Infrastructure Security Agency CISA announced that it's partnering with the Open Source Security Foundation OpenSSF Securing Software Repositories Working Group to publish a new framework to secure package repositories. Called the Principles for Package Repository...

SUSE-SU-2024:0430-1 Security update for cosign

This update for cosign fixes the following issues: Updated to 2.2.3 jscSLE-23879: Bug Fixes: Fix race condition on verification with multiple signatures attached to image 3486 fixclean: Fix clean cmd for private registries 3446 Fixed BYO PKI verification 3427 Features: Allow for option in cosign...

CISA Partners With OpenSSF Securing Software Repositories Working Group to Release Principles for Package Repository Security

Today, CISA partnered with the Open Source Security Foundation OpenSSF Securing Software Repositories Working Group to publish the Principles for Package Repository Securitylink is external framework. Recognizing the critical role package repositories play in securing open source software...

CISA and FBI Release Secure by Design Alert Urging Manufacturers to Eliminate Defects in SOHO Routers

Today, CISA and the Federal Bureau of Investigation FBI published guidance on Security Design Improvements for SOHO Device Manufacturers as a part of the new Secure by Design SbD Alert series that focuses on how manufacturers should shift the burden of security away from customers by integrating...

SUSE-SU-2024:0206-1 Security update for tomcat

This update for tomcat fixes the following issues: Security fixes: - CVE-2023-46589: Fixed HTTP request smuggling due to incorrect headers parsing. bsc1217649 Other fixes: - Streamline how patches are handled in the spec file of the package...

Virtuozzo Hybrid Server 7.5 Update 6 (7.5.6-87)

Virtuozzo Hybrid Server 7.5 Update 6 introduces new features and provides stability, usability, and security bug fixes. Additionally, it provides a new kernel 3.10.0-1160.105.1.vz7.214.3. Vulnerability id: PSBM-151015, PSBM-153331 A critical security issue in container suspend/resume in the...

SUSE-RU-2024:0184-1 Recommended update for tmux

This update for tmux fixes the following issues: - tmux: Null pointer dereference in window.c bsc1207393 CVE-2022-47016 - add patch for compactibility with new ncurses fixes bsc1210552 - disable utf8proc following upstreams not use it by default on non-macOS - switch to screen-256color as default...

CVE-2024-23208

The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3. An app may be able to execute arbitrary code with kernel privileges...

January 23, 2024-KB5034582 Cumulative Update Preview for .NET Framework 3.5, 4.8 and 4.8.1 for Windows 10 Version 22H2

January 23, 2024-KB5034582 Cumulative Update Preview for .NET Framework 3.5, 4.8 and 4.8.1 for Windows 10 Version 22H2 Release Date: January 23, 2024 Version: .NET Framework 3.5, 4.8 and 4.8.1 Summary This article describes the security and cumulative update for 3.5, 4.8 and 4.8.1 for Windows 10...

About the security content of Safari 17.3

About the security content of Safari 17.3 This document describes the security content of Safari 17.3. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available...

OPENSUSE-SU-2024:0017-1 Security update for python-django-grappelli

This update for python-django-grappelli fixes the following issues: Update to 2.14.4: - CVE-2021-46898: Fixed views/switch.py vulnerable to protocol-relative URL attacks boo1216481 - Fixed: Redirect with switch user. - Improved: Remove extra filtering in AutocompleteLookup. - Improved: Added impo...

CVE-2023-41069

This issue was addressed by improving Face ID anti-spoofing models. This issue is fixed in iOS 17 and iPadOS 17. A 3D model constructed to look like the enrolled user may authenticate via Face ID...

CVE-2023-38607

The issue was addressed with improved handling of caches. This issue is fixed in macOS Sonoma 14. An app may be able to modify Printer settings...

January 9, 2024—KB5034176 (Security-only update)

January 9, 2024—KB5034176 Security-only update REMINDER Windows Server 2008 SP2 Extended Security Updates third and final year of ESU ended on January 10, 2023. Many customers are taking advantage of Azures commitment to security and compliance and have moved to Azure to protect their Windows...

January 9, 2024—KB5034122 (OS Builds 19044.3930 and 19045.3930) - EXPIRED

January 9, 2024—KB5034122 OS Builds 19044.3930 and 19045.3930 - EXPIRED EXPIRATION NOTICEIMPORTANT As of March 31, 2026, this update is no longer available from the Microsoft Update Catalog or other release channels. We recommend that you update your devices to the latest version of Windows. ---...

January 9, 2024—KB5034129 (OS Build 20348.2227)

January 9, 2024—KB5034129 OS Build 20348.2227 For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows Server 2022, see its update history page. Note Follow @WindowsUpdate to find out when...

Second Interdisciplinary Workshop on Reimagining Democracy

Last month, I convened the Second Interdisciplinary Workshop on Reimagining Democracy IWORD 2023 at the Harvard Kennedy School Ash Center. As with IWORD 2022, the goal was to bring together a diverse set of thinkers and practitioners to talk about how democracy might be reimagined for the...

Velociraptor 0.7.1 Release

Written by Dr. Michael Cohen Sigma Support, ETW Multiplexing, Local Encrypted Storage and New VQL Capabilities Highlight the Last Release of 2023 Rapid7 is excited to announce that version 0.7.1 of Velociraptor is live and available for download. There are several new features and capabilities th...