This week, Microsoft was still struggling with vulnerabilities. Security researchers stated that cybercriminals are exploiting the vulnerability to target European and U.S. local governments. We also had a glimpse of Linux Kernel 5.19. The first release candidate is released now. The TuxCare team also announced the additional DevSecOps integrations. Cloudflare also introduced the Private Access Token, which can eliminate CAPTCHAs soon.
Table of Contents
Windows MSDT vulnerability is under attack
While users are waiting for Microsoft to release a patch for the MSDT vulnerability, the attackers are started targeting European and U.S. local governments. Attackers are using Rich Text Format documents to exploit the vulnerability, which is also known as Follina. The only solution provided by Microsoft is to disable the MSDT protocol. On the other hand, several organizations released unofficial patches. MalwareHunterTeam also stated that they found documents from China aiming to deploy a passport-stealing trojan.
Linux Kernel 5.19 release candidate 1 released
Linus Torvalds announced the general availability of the first release candidate of the upcoming Linux Kernel 5.19 series. The release candidate was released two weeks after the release of Linux Kernel 5.18. This also means that the development cycle is now officially started. Linux Kernel 5.19 will come with various improvements for AMD GPU users. It also includes various new and updated drivers, allowing the new version to support hardware better.
TuxCare has now three new DevSecOps integrations
The TuxCare team announced the availability of additional DevSecOps integrations. From now on, TuxCare has three new DevSecOps integrations with its ePortal management system. The new integrations of TuxCare DevSecOps are Ansible, Chef, and Puppet which are available through an API interface with ePortal; delivering patching and centralized license management capabilities. ePortal is used for deploying any new patches, and it is used in large infrastructure deployments.
Cloudflare introduces Private Access Tokens
Cloudflare introduced Private Access Tokens, a new private and invisible way to validate that website visitors are reals. The new feature eliminates CAPTCHAs to validate if website visitors are real users are not. Visitors who are using an operating system that is capable of supporting these tokens will be able to prove that they are human without CAPTCHA or providing personal data. PATs are able to abstract portions of the validation process, and confirm data without actually collecting, touching, or storing that data. The new solution asks the device vendor to do the validation.
SUSE Linux Enterprise 15 SP4 has landed with security improvements
SUSE released a new update for its enterprise-focused Linux distribution; bringing enhancements in security. SUSE Linux Enterprise 15 SP4, released approximately one year after the release of the SP3, comes with additional security-focused improvements alongside bug fixes and other enhancements. SLE 15 SP4 delivers is the new Supply-chain Levels for Software Artifacts Level 4 compliance, which is the highest level of SLSA compliance. The SP4 update also delivers confidential computing for AMD Secure Encrypted Virtualization-Encrypted State CPUs.
It is now much easier to compare WordPress plugins
rtCamp has announced WordPress Plugin Compare Project, making it easier to find the best WordPress plugins. It is an online tool allowing users to compare multiple plugins’ availability, latest updates, authors, current versions, required WordPress versions, etc. easily. rtCamp aims to improve the service with additional parameters, single plugin pages, plugin authors’ other plugins section, and a single page to see and filter all the plugins Currently, WP Plugin Compare has more than 55,000 plugins in its database.
Canonical published Linux Kernel security updates for Ubuntu
Canonical released new Linux Kernel security updates that fixes more than 30 vulnerabilities for all supported Ubuntu releases. The update addresses over 30 vulnerabilities. The updates came two weeks after the previous updates, which addressed three minor security flaws. The massive update is currently available for all supported Ubuntu releases. Two of these vulnerabilities were marked as a high priority, other ones were medium or low. While some of those flaws affect only some versions, some of them can affect all Ubuntu versions.