
Alerts

Oracle Linux Security Update

Oracle has released security updates to address vulnerabilities in bind and sssd. Exploitation of these vulnerabilities may allow an attacker to take control of an affected system.

Users and administrators are encouraged to review Oracle Linux Security Advisories ELSA-2021-3325 and ELSA-2021-3336 and apply the necessary updates.

HP Security Update

Hewlett Packard has released security updates to address vulnerabilities in HPE ArubaOS and SD-WAN. Exploitation of these vulnerabilities may allow an attacker to take control of an affected system.

Users and administrators are encouraged to review the HP Security Advisory and apply the necessary updates.

Debian Security Update

Debian has released a security update to address a vulnerability in libssh. Exploitation of this vulnerability may allow an attacker to take control of an affected system.

Users and administrators are encouraged to review the Debian Security Advisory and apply the necessary updates.

Node.js Security Update

Node.js has released security updates to address vulnerabilities in Node.js v14.x and v12.x. Exploitation of these vulnerabilities may allow an attacker to take control of an affected system.

Users and administrators are encouraged to review the Node.js Security Advisory and apply the necessary updates.

Azure Cosmos DB Jupyter Notebook Feature vulnerability

Advisory No: TZCERT/SA/2021/08/31

Date of First Release: 31st August 2021

Source: Microsoft

Software Affected: 

  • Azure Cosmos DB 

Overview:

The vulnerability exists in the Azure Cosmos DB Jupyter Notebook feature. The exploitation of this vulnerability could allow a user to gain access to another customer’s resources by using the account’s primary read-write key.

Description:

The vulnerability is caused by a series of flaws in a Cosmos DB feature. Together they create a loophole that allows any user to download, delete or manipulate a massive collection of commercial databases, and to gain read-write access to the underlying architecture of Cosmos DB.

Impact:

Successful exploitation of these vulnerabilities may allow an attacker to take control of the affected system.

Solution:

Microsoft has fixed the flaw and issued a workaround that requires customers to regenerate their primary read-write keys. Users and administrators are advised to follow the steps described in this technical documentation.  

References:

  1. https://msrc-blog.microsoft.com/2021/08/27/update-on-vulnerability-in-the-azure-cosmos-db-jupyter-notebook-feature/
  2. https://www.wiz.io/blog/chaosdb-how-we-hacked-thousands-of-azure-customers-databases