
1830 matches found

Akamai Blog
added 2020/10/12 10:0 p.m., 39 views

Measuring & Improving Core Web Vitals

Google recently announced a proposed update to its search ranking algorithm: the Page Experience Update. This change, which launches in 2021, includes more performance signals in the ranking algorithm. A subtle but important feature of the update is that AMP will no longer be a requirement for...

6.5 AI score
Exploits: 0

Openbugbounty
added 2020/09/23 11:46 a.m., 6 views

shift-sg.com Cross Site Scripting vulnerability OBB-1358447

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...

Exploits: 0

NCSC
added 2020/09/02 12:0 a.m., 5 views

Vulnerability fixed in Red Hat OpenShift Container Platform

Red Hat has fixed a vulnerability in the OpenShift Container Platform. A local user or application with elevated privileges can write a large amount of data within a pod to the /etc/hosts file. A malicious party could potentially exploit this vulnerability to cause a denial-of-service on the node...

5.5 CVSS, 6.4 AI score, 0.00501 EPSS
Exploits: 0

RedHat Linux
added 2020/08/27 10:15 a.m., 5 views

openshift-ansible: cors allowed origin allows changing url protocol

A flaw was found in openshift-ansible. OpenShift Container Platform (OCP) 3.11 is too permissive in the way it specified CORS allowed origins during installation. An attacker, able to man-in-the-middle the connection between the user's browser and the openshift console, could use this flaw to perfo...

5.9 CVSS, 5.8 AI score, 0.00854 EPSS
Exploits: 0, References: 4

CNVD
added 2020/07/15 12:0 a.m., 3 views

Bitcoin wxBitcoin/bitcoind Denial of Service Vulnerability

A vulnerability exists in Bitcoin wxBitcoin and bitcoind versions prior to 0.3.5. A remote attacker could use this vulnerability to cause a denial of service (daemon crash) via a Bitcoin transaction containing the OPLSHIFT script opcode...

6.8 AI score
Exploits: 0, References: 1

Microsoft KB
added 2020/07/07 12:0 a.m., 5 views

July 7, 2020, update for Excel 2016 (KB4484437)

This article describes update 4484437 for Microsoft Excel 2016 that was released on July 7, 2020. Be aware that the update in the Microsoft Download Center applies to the Microsoft Installer .msi-based edition of Office 2016. It doesn't apply to the...

6.4 AI score
Exploits: 0

Microsoft Secure
added 2020/07/02 6:0 p.m., 44 views

The world is your authentication and identity oyster

This blog post is part of the Microsoft Intelligence Security Association guest blog series. To learn more about MISA, go here. If you’re older than 10 years of age you’ve undoubtedly heard the phrase “The world is your oyster.” This basically mean...

7.1 AI score
Exploits: 0

The Coalfire Blog
added 2020/07/01 8:3 p.m., 18 views

Successful DevSecOps begins with a cultural shift

A successful DevSecOps approach fosters cohesive collaboration between Development, Security, and Operations teams for the cultivation of outcomes that improve security while also maintaining the goals of DevOps. Within DevSecOps, security is an additional foundational component in the process...

1.9 AI score
Exploits: 0

Trend Micro Simply Security
added 2020/05/29 12:27 p.m., 72 views

This Week in Security News: How the Cybercriminal Underground Has Changed in 5 Years and the NSA Warns of New Sandworm Attacks on Email Servers

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about how, over the past five years, the cybercriminal underground has seen a major shift to new platforms, communications channels,...

7.5 CVSS, 9.4 AI score, 0.96405 EPSS
Exploits: 25

Tenable Nessus
added 2020/05/29 12:0 a.m., 247 views

openSUSE Security Update : gcc9 (openSUSE-2020-716)

This update includes the GNU Compiler Collection 9. This update ships the GCC 9.3 release. A full changelog is provided by the GCC team on: https://www.gnu.org/software/gcc/gcc-9/changes.html The base system compiler libraries libgccs1, libstdc++6 and others are now built by the gcc 9 packages. ...

7.5 CVSS, 6.4 AI score, 0.03207 EPSS
Exploits: 1, References: 15

OSV
added 2020/05/26 5:35 a.m., 8 views

OPENSUSE-SU-2020:0716-1 Security update for gcc9

This update includes the GNU Compiler Collection 9. This update ships the GCC 9.3 release. A full changelog is provided by the GCC team on: https://www.gnu.org/software/gcc/gcc-9/changes.html The base system compiler libraries libgccs1, libstdc++6 and others are now built by the gcc 9 packages. T...

7.5 CVSS, 6.8 AI score, 0.03207 EPSS
Exploits: 1, References: 13

OSV
added 2020/04/13 1:15 p.m., 5 views

UBUNTU-CVE-2020-1759

A vulnerability was found in Red Hat Ceph Storage 4 and Red Hat Openshift Container Storage 4.2: a nonce reuse vulnerability was discovered in the secure mode of the messenger v2 protocol, which can allow an attacker to forge auth tags and potentially manipulate the data by leveraging the...

6.8 CVSS, 7 AI score, 0.01373 EPSS
Exploits: 0, References: 3

The Hacker News
added 2020/04/01 11:57 a.m., 79 views

Webinar — Autonomous Breach Protection: The New Security Paradigm Shift

Organizations today struggle with multi-product security stacks that are expensive to purchase and maintain and also require a highly skilled security team to manually integrate and operate. The current Coronavirus crisis that has imposed a strict quarantine on organizations and security teams...

0.7 AI score
Exploits: 0

Positive Technologies
added 2020/03/25 12:0 a.m., 3 views

PT-2020-2659 · Jenkins · Jenkins Openshift Pipeline Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins OpenShift Pipeline Plugin versions 1.0.56 and earlier. Description: The issue is related to the YAML parser in the Jenkins OpenShift Pipeline Plugin, which does not prevent the instantiation of arbitrary types. This results in a remote...

9 CVSS, 8.9 AI score, 0.02077 EPSS
Exploits: 0, References: 9

OSV
added 2020/03/19 4:15 p.m., 1 views

UBUNTU-CVE-2019-14876

In the lshift function of the newlib libc library, all versions prior to 3.3.0 (see newlib/libc/stdlib/mprec.c), Balloc is used to allocate a big integer; however, no check is performed to verify if the allocation succeeded or not. The access to b1 will trigger a null pointer dereference bug in case...

6.5 CVSS, 6.6 AI score, 0.01331 EPSS
Exploits: 1, References: 3

CNVD
added 2020/03/13 12:0 a.m., 3 views

Unspecified Vulnerability in ABB eSOMS

ABB eSOMS (Electronic Shift Operations Management System) is a plant operations management system from ABB Switzerland. ABB eSOMS contains a security vulnerability that could be exploited by an attacker to compromise sensitive user information by framing parts of the application on a malicious...

6.5 CVSS, 6.6 AI score, 0.01532 EPSS
Exploits: 0, References: 1

CNVD
added 2020/03/13 12:0 a.m., 3 views

Unspecified Vulnerability in ABB eSOMS (CNVD-2020-19567)

ABB eSOMS (Electronic Shift Operations Management System) is a plant operations management system from ABB Switzerland. ABB eSOMS contains a security vulnerability that originates from a missing X-Content-Type-Options header in the HTTP response, which can be exploited by an attacker to execute...

6.1 CVSS, 7 AI score, 0.01047 EPSS
Exploits: 0, References: 1

Schneier on Security
added 2020/02/21 8:4 p.m., 64 views

Inrupt, Tim Berners-Lee's Solid, and Me

For decades, I have been talking about the importance of individual privacy. For almost as long, I have been using the metaphor of digital feudalism to describe how large companies have become central control points for our data. And for maybe half a decade, I have been talking about the...

0.1 AI score
Exploits: 0

Metasploit
added 2020/02/03 5:2 p.m., 27 views

Anviz CrossChex Buffer Overflow

Waits for broadcasts from Anviz CrossChex looking for new devices, and returns a custom broadcast, triggering a stack buffer overflow. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Anviz...

9.8 CVSS, 10 AI score, 0.50738 EPSS
Exploits: 5

Debian
added 2020/01/29 9:52 p.m., 102 views

[SECURITY] [DLA 2085-1] zlib security update

Package: zlib; Version: 1:1.2.8.dfsg-2+deb8u1; CVE ID: CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843. Several issues have been found in zlib, a compression library. They are basically about improper big-endian CRC calculation, improper left shift of negative integers and improper pointe...

9.8 CVSS, 10 AI score, 0.07489 EPSS
Exploits: 0