MSA-22-0007: Possible to reach the profile field badge criteria on a course page

by Michael Hawkins. Users with the capability to configure badge criteria (teachers and managers by default) were able to configure course badges with profile field criteria, which should only be available for site badges.

Severity/Risk: Minor
Versions affected: 3.11 to 3.11.5, 3.10 to 3.10.9, 3.9 to 3.9.12 and earlier unsupported versions
Versions fixed: 3.11.6, 3.10.10 and 3.9.13
Reported by: Andrew Lyons
Workaround: Remove the moodle/badges:configurecriteria capability from users to prevent them
More info: https://moodle.org/mod/forum/discuss.php?d=432949&parent=1742075

MSA-22-0008: Upgrade PHPMailer to latest version (upstream)

by Michael Hawkins. The PHPMailer library included with Moodle has been upgraded to the latest version, which includes security fixes.

Severity/Risk: Minor
Versions affected: 3.11 to 3.11.5, 3.10 to 3.10.9, 3.9 to 3.9.12 and earlier unsupported versions
Versions fixed: 3.11.6, 3.10.10 and 3.9.13
Reported by: Sara Arjona (@sarjona)
CVE identifier: N/A
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-71703
Tracker issue: MDL-71703 Upgrade PHPMailer to
More info: https://moodle.org/mod/forum/discuss.php?d=432950&parent=1742077

MSA-22-0009: Upgrade CKEditor included in h5p-editor-php-library to latest version (upstream)

by Michael Hawkins. The CKEditor included in the h5p-editor-php-library within Moodle has been upgraded to the latest version, which includes security fixes.

Severity/Risk: Minor
Versions affected: 3.11 to 3.11.5, 3.10 to 3.10.9, 3.9 to 3.9.12 and earlier unsupported versions
Versions fixed: 3.11.6, 3.10.10 and 3.9.13
Reported by: Sara Arjona (@sarjona)
CVE identifier: N/A
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-71722
Tracker issue: MDL-71722
More info: https://moodle.org/mod/forum/discuss.php?d=432951&parent=1742078

Securing the Container Lifecycle from Build to Run

New application development and modernization efforts are driving increased container adoption at a rapid pace. And according to Gartner, “By 2025, more than 85 percent of global organizations will be running containerized applications in production.”1 While there are many benefits to adopting containers and Kubernetes, it also presents some challenges. The rise of containerized microservices …

The post Securing the Container Lifecycle from Build to Run appeared first
More info: https://blogs.vmware.com/security/2022/03/securing-the-container-lifecycle-from-build-to-run.html?utm_source=rss&utm_medium=rss&utm_campaign=securing-the-container-lifecycle-from-build-to-run

AvosLocker – Modern Linux Ransomware Threats

This article was written by Sudhir Devkar.

Summary: AvosLocker Ransomware is a recent ransomware with the capability to encrypt Linux systems. AvosLocker seems to be targeting the VMware ESXi virtual machines and Virtual Machine File System (VMFS) files. By targeting VMs, AvosLocker takes advantage of faster and easier encryption of multiple servers with a single …

The post AvosLocker – Modern Linux Ransomware Threats appeared first on VMware Security Blog.
More info: https://blogs.vmware.com/security/2022/02/avoslocker-modern-linux-ransomware-threats.html?utm_source=rss&utm_medium=rss&utm_campaign=avoslocker-modern-linux-ransomware-threats

The Cybersecurity Innovation Mindset

Cybersecurity innovation defined: Innovation (the verb) is the process of creating and delivering customer value. An innovation mindset is one that deeply understands the customer’s desired outcomes and creates value through new tools, processes, and approaches to facilitate those outcomes. In the case of cybersecurity innovation, it is not just going to be about ways to …

The post The Cybersecurity Innovation Mindset appeared first on VMware Security Blog.
More info: https://blogs.vmware.com/security/2022/03/the-cybersecurity-innovation-mindset.html?utm_source=rss&utm_medium=rss&utm_campaign=the-cybersecurity-innovation-mindset

K08173228: Multiple Intel CPU vulnerabilities

Security Advisory Description: CVE-2021-0091: Improper access control in the firmware for some Intel(R) Processors may allow an unauthenticated ...
More info: https://support.f5.com/csp/article/K08173228?utm_source=f5support&utm_medium=RSS

CVE-2022-0778 awareness

Initial Publication Date: 2022/03/17 20:42 PST

AWS is aware of an issue present in OpenSSL versions 1.0.2, 1.1.1, and 3.0 in which a certificate containing invalid explicit curve parameters can cause denial of service (DoS) by triggering an infinite logic loop. This issue was eliminated in the releases of OpenSSL 1.0.2zd, 1.1.1n, and 3.0.2. AWS is aware of this issue and is actively investigating for impact to AWS services.
More info: https://aws.amazon.com/security/security-bulletins/AWS-2022-003/

K14760551: Multiple libwebp vulnerabilities

Security Advisory Description: CVE-2018-25009: A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ...
More info: https://support.f5.com/csp/article/K14760551?utm_source=f5support&utm_medium=RSS

K40778012: Intel CPU vulnerability CVE-2021-0127

Security Advisory Description: Insufficient control flow management in some Intel(R) Processors may allow an authenticated user to ...
More info: https://support.f5.com/csp/article/K40778012?utm_source=f5support&utm_medium=RSS