Over the past few years, threat actors have adapted their tactics to focus more on specific operating systems and operating environments that carry the most sensitive data, or where an attack can have the greatest effect. By increasing the development and use of specialized techniques, cyber criminals increase their opportunities to steal intellectual property, ransom … Continued. The post Protecting vSphere From Specialized Malware appeared first on VMware Security Blog.
More info:
https://blogs.vmware.com/security/2022/09/protecting-vsphere-from-specialized-malware.html?utm_source=rss&utm_medium=rss&utm_campaign=protecting-vsphere-from-specialized-malware
Cluttered is a state no one wants to be in, from your home to your cloud environments. Many applications do not use native Kubernetes workloads, and instead deploy individual pods. Each line for each pod can add up, leading DevSecOps teams to see replicas of the same instances the way that it shows up in Kubernetes – … Continued. The post Reduce Noise Within Your Containerized Workloads appeared first on VMware Security Blog.
More info:
https://blogs.vmware.com/security/2022/09/reduce-noise-within-your-containerized-workloads.html?utm_source=rss&utm_medium=rss&utm_campaign=reduce-noise-within-your-containerized-workloads
OpenSSL vulnerabilities CVE-2022-1292 and CVE-2022-2068. Security Advisory Description: CVE-2022-1292: The c_rehash script does not properly sanitise shell metacharacters to prevent ...
More info:
https://support.f5.com/csp/article/K21600298?utm_source=f5support&utm_medium=RSS
by Michael Hawkins. The mobile auto-login URL required additional sanitizing to prevent an open redirect risk.
Severity/Risk: Minor
Versions affected: 4.0 to 4.0.1, 3.11 to 3.11.7, 3.9 to 3.9.14 and earlier unsupported versions
Versions fixed: 4.0.2, 3.11.8 and 3.9.15
Reported by: petermaster
CVE identifier: CVE-2022-35652
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-72171
Tracker issue: MDL-72171 Open redirect risk in mobile auto-login feature
More info:
https://moodle.org/mod/forum/discuss.php?d=436459&parent=1756387
by Michael Hawkins. A minor reflected XSS risk was identified in the LTI module. This did not impact authenticated users.
Severity/Risk: Minor
Versions affected: 4.0 to 4.0.1, 3.11 to 3.11.7, 3.9 to 3.9.14 and earlier unsupported versions
Versions fixed: 4.0.2, 3.11.8 and 3.9.15
Reported by: Luuk Verhoeven
CVE identifier: CVE-2022-35653
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-72299
Tracker issue: MDL-72299 LTI module reflected XSS risk -
More info:
https://moodle.org/mod/forum/discuss.php?d=436460&parent=1756388
by Michael Hawkins. The Mustache template library included with Moodle has been upgraded to the latest version, which includes a fix for a serious security issue.
Severity/Risk: Serious
Versions affected: 4.0 to 4.0.2, 3.11 to 3.11.8, 3.9 to 3.9.15 and earlier unsupported versions
Versions fixed: 4.0.3, 3.11.9 and 3.9.16
Reported by: Lars Bonczek
CVE identifier: CVE-2022-0323
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-75388
Tracker issue: MDL-75388
More info:
https://moodle.org/mod/forum/discuss.php?d=437684&parent=1761481
by Michael Hawkins. The upstream Moodle machine learning backend and its reference in /lib/mlbackend/python/classes/processor.php were upgraded, which includes some security updates. Please note: if you are using Moodle Analytics, an upgrade to the mlbackend is required. See the Analytics settings documentation for more information about required versions and how to upgrade.
Severity/Risk: Minor
Versions affected: 4.0 to 4.0.1, 3.11 to 3.11.7, 3.9 to 3.9.14 and earlier unsupported versions
Versions
More info:
https://moodle.org/mod/forum/discuss.php?d=436461&parent=1756389
by Michael Hawkins. Recursive rendering of Mustache template helpers containing user input could, in some cases, result in an XSS risk or a page failing to load.
Severity/Risk: Serious
Versions affected: 4.0 to 4.0.3, 3.11 to 3.11.9, 3.9 to 3.9.16 and earlier unsupported versions
Versions fixed: 4.0.4, 3.11.10 and 3.9.17
Reported by: Adam Roberts, NCC Group
CVE identifier: CVE-2022-40313
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-68066
Tracker
More info:
https://moodle.org/mod/forum/discuss.php?d=438392&parent=1764793
by Michael Hawkins. Enabling and disabling installed H5P libraries did not include the necessary token to prevent a CSRF risk.
Severity/Risk: Minor
Versions affected: 4.0 to 4.0.2 and 3.11 to 3.11.8
Versions fixed: 4.0.3 and 3.11.9
Reported by: Paul Holden
CVE identifier: CVE-2022-2986
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-75326
Tracker issue: MDL-75326 CSRF risk in enabling/disabling installed H5P libraries
More info:
https://moodle.org/mod/forum/discuss.php?d=437685&parent=1761482
by Michael Hawkins. A remote code execution risk when restoring backup files originating from Moodle 1.9 was identified.
Severity/Risk: Serious
Versions affected: 4.0 to 4.0.3, 3.11 to 3.11.9, 3.9 to 3.9.16 and earlier unsupported versions
Versions fixed: 4.0.4, 3.11.10 and 3.9.17
Reported by: Paul Holden
CVE identifier: CVE-2022-40314
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-75405
Tracker issue: MDL-75405 Remote code execution risk when
More info:
https://moodle.org/mod/forum/discuss.php?d=438393&parent=1764794