MSA-22-0026: No groups filtering in H5P activity attempts report

by Michael Hawkins. The H5P activity attempts report did not filter by groups, which in separate groups mode could reveal information to non-editing teachers about attempts/users in groups they should not have access to.
Severity/Risk: Minor
Versions affected: 4.0 to 4.0.3, 3.11 to 3.11.9, 3.9 to 3.9.16 and earlier unsupported versions
Versions fixed: 4.0.4, 3.11.10 and 3.9.17
Reported by: Jari Vilkman and Bjørn Teistung
Workaround: Access to this feature can be revoked by removing the
More info: https://moodle.org/mod/forum/discuss.php?d=438395&parent=1764796

MSA-22-0025: Minor SQL injection risk in admin user browsing

by Michael Hawkins. A limited SQL injection risk was identified in the "browse list of users" site administration page.
Severity/Risk: Minor
Versions affected: 4.0 to 4.0.3, 3.11 to 3.11.9, 3.9 to 3.9.16 and earlier unsupported versions
Versions fixed: 4.0.4, 3.11.10 and 3.9.17
Reported by: Vincent
CVE identifier: CVE-2022-40315
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-75283
Tracker issue: MDL-75283 Minor SQL injection risk
More info: https://moodle.org/mod/forum/discuss.php?d=438394&parent=1764795

MSA-22-0027: Quiz sequential navigation bypass using web services

by Michael Hawkins. Insufficient limitations in some quiz web services made it possible for students to bypass sequential navigation during a quiz attempt.
Severity/Risk: Minor
Versions affected: 4.0 to 4.0.2, 3.11 to 3.11.8, 3.9 to 3.9.15 and earlier unsupported versions
Versions fixed: 4.0.3, 3.11.9 and 3.9.16
Reported by: omaralbalouli
CVE identifier: CVE-2022-40208
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-75210
Tracker
More info: https://moodle.org/mod/forum/discuss.php?d=438761&parent=1766080

Getting Started with NSX Application Platform (NAPP)

Introducing the platform
The NSX Application Platform (NAPP) is a high-performance security analytics platform that hosts microservices-based applications (Figure 1.1). The following NSX Advanced Threat Prevention (ATP) security applications run on NAPP: NSX Intelligence, Network Detection & Response (NDR), and NSX Malware Prevention.
Why NAPP?
NAPP is a microservices application platform that collects and analyzes large … Continued
The post Getting Started with NSX Application Platform
More info: https://blogs.vmware.com/security/2022/11/getting-started-with-nsx-application-platform-napp.html?utm_source=rss&utm_medium=rss&utm_campaign=getting-started-with-nsx-application-platform-napp

Endpoint Protection is Key When it Comes to Cyber Insurance

Why is endpoint detection and response (EDR) considered non-negotiable for companies seeking catastrophic coverage for cyber incidents like ransomware? Every cyber insurer agrees on one thing – a set of controls to protect endpoints is a non-negotiable requirement for insurability. Without a demonstrably solid set of endpoint management and protection measures in place and operational 100% … Continued
The post Endpoint Protection is Key When it Comes to Cyber Insurance appeared
More info: https://blogs.vmware.com/security/2022/11/endpoint-protection-is-key-when-it-comes-to-cyber-insurance.html?utm_source=rss&utm_medium=rss&utm_campaign=endpoint-protection-is-key-when-it-comes-to-cyber-insurance

ESXi-Targeting Ransomware: Tactics and Techniques (Part 2)

Ransomware gangs have traditionally focused on Windows systems running on the PCs of average users. However, in recent years the focus has shifted from opportunistic attacks to targeted attacks against corporations, because that’s where the big money is. This caused an evolution in almost all ransomware code bases, which started supporting Linux and the … Continued
The post ESXi-Targeting Ransomware: Tactics and Techniques (Part 2) appeared first on VMware Security Blog.
More info: https://blogs.vmware.com/security/2022/10/esxi-targeting-ransomware-tactics-and-techniques-part-2.html?utm_source=rss&utm_medium=rss&utm_campaign=esxi-targeting-ransomware-tactics-and-techniques-part-2

VMware Response to CVE-2022-3602 and CVE-2022-3786: vulnerabilities in OpenSSL 3.0.x

Greetings from the VMware Security Response Center! On November 1st, 2022 the OpenSSL Project disclosed CVE-2022-3602 and CVE-2022-3786 – potentially critical severity vulnerabilities present in OpenSSL 3.0.x. The VMware Security Response Center (vSRC) has been working with our various product engineering teams in an attempt to determine if the small subset of VMware products that … Continued
The post VMware Response to CVE-2022-3602 and CVE-2022-3786: vulnerabilities in OpenSSL
More info: https://blogs.vmware.com/security/2022/11/vmware-response-to-cve-2022-3602-and-cve-2022-3786-vulnerabilities-in-openssl-3-0-x.html?utm_source=rss&utm_medium=rss&utm_campaign=vmware-response-to-cve-2022-3602-and-cve-2022-3786-vulnerabilities-in-openssl-3-0-x

OpenSSL Security Advisories – November 2022

Initial Publication Date: 2022/11/01 09:00 PDT
AWS is aware of the recently reported issues regarding OpenSSL 3.0 (CVE-2022-3602 and CVE-2022-3786). AWS services are not affected, and no customer action is required. Additionally, Amazon Linux 1 and Amazon Linux 2 do not ship with OpenSSL 3.0 and are not affected by these issues. Customers utilizing Amazon Linux 2022, Bottlerocket OS or ECS-optimized Amazon Machine Images (AMIs) on Amazon ECS should read the instructions below. As a security
More info: https://aws.amazon.com/security/security-bulletins/AWS-2022-008/
