This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 3.3. The following CVEs are assigned: CVE-2024-27334.
Users in EU will have a choice
Google has just announced a change for users in Europe that will allow them to decide exactly how much data sharing is right for them. The new policy, which the company says is in response to the EU’s Digital Markets Act (DMA), allows users to opt out of data sharing for all, some or none of Google’s selected services. The services listed include YouTube, search, advertising services, Google Play, Chrome, Google Shopping and Google Maps. However, the policy is not airtight – Google will still share user information when necessary to perform a task (for example, when you pay for a purchase on Google Shopping using Google Pay), to comply with the law, to prevent fraud or to protect against abuse.
Read more Users in EU will have a choice
Nextcloud wins the Acteurs du Libre European Award 2023
Nextcloud has won the European Award of the Acteurs du Libre contest! This is a huge recognition for the community, the Nextcloud team, and the visionary leaders behind the project.
What is the Acteurs du Libre contest?
The Acteurs du Libre contest is part of the Open Source Experience event, which celebrates the achievements of Free Software companies, entrepreneurs, projects and associations. The contest awards six prizes every year, each honoring a different aspect of FOSS development, management or implementation: the Committed Public Service Award, the European Award in collaboration with APELL, the Business Development Award, the Best Open Source Strategy Award, the Open and Ethical Digital Award, and the Jury’s Special Award.
Read more Nextcloud wins the Acteurs du Libre European Award 2023
Patch your confluence if it’s not done yet
Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances.
The Vulnerability has been marked with a maximum CVSS value (10/10) and allows you to create a Confluence administrator account from the Internet.
Doorbell
I have few blink cameras at home. And, to be honest, I’m really happy how they are working. So when I was looking for a doorbell, a one from blink was the obvious choice for me.
Company which I already know, application which I already have, integrated into my home assistant instance. Should be perfect.
Should be. After less than a month I’m sending it back. Blink is using a pair of lithium batteries. In all other cameras they are working few months. In the doorbell max is a week. It’s not a joke – one week. And this is when I set up a maximum energy saving options. No movement detection. No recording when system is armed. Nothing. Only recording when someone press the button.
I already have an alternative. Ring doorbell (2nd generation). It’s more expensive, but it’s working.
Ok. I had to install the application to set it up first time. And to integrate it with my Amazon account. But then I may not use it anymore. Not, if I want to use it as a doorbell only. And, to be honest, ring has a better integration with Alexa.
So at the end, I have few blink outdoor cameras, but ring doorbell 😂
Free safe DNS service.
If you are looking a free, sovereign and GDPR-compliant recursive DNS resolver with a strong focus on security or DNS safe to use for children, with filtering out content from the Internet that is not suitable for children, you should check https://www.dns0.eu/
Critical vulnerability in Fortinet products
https://www.fortiguard.com/psirt/FG-IR-22-300
Summary
An external control of file name or path vulnerability [CWE-73] in FortiNAC webserver may allow an unauthenticated attacker to perform arbitrary write on the system.
Affected Products
FortiNAC version 9.4.0
FortiNAC version 9.2.0 through 9.2.5
FortiNAC version 9.1.0 through 9.1.7
FortiNAC 8.8 all versions
FortiNAC 8.7 all versions
FortiNAC 8.6 all versions
FortiNAC 8.5 all versions
FortiNAC 8.3 all versions
Critical vulnerability in Fortinet products
https://www.fortiguard.com/psirt/FG-IR-22-398
A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.
Affected Products
FortiOS version 7.2.0 through 7.2.2
FortiOS version 7.0.0 through 7.0.8
FortiOS version 6.4.0 through 6.4.10
FortiOS version 6.2.0 through 6.2.11
FortiOS-6K7K version 7.0.0 through 7.0.7
FortiOS-6K7K version 6.4.0 through 6.4.9
FortiOS-6K7K version 6.2.0 through 6.2.11
FortiOS-6K7K version 6.0.0 through 6.0.14
Bring your own key
What is bring your own key (BYOK)?
Bring your own key (BYOK) is an innovative concept to allow public cloud users to keep control of the cryptographic keys used in the cloud to secure their data. With public cloud services exploding, BYOK is now supported by all major cloud services. BYOK enables public cloud users to generate their own high-quality master key locally and securely transmit the key to a cloud service provider (CSP) to protect data in multi-cloud environments. To generate and manage high-quality keys, BYOK uses FIPS and Common Criteria Certified Hardware Security Modules (HSMs) that the cloud user maintains locally or leases as a service.
BYOK enables organizations that migrate to the cloud to achieve:
Read more Bring your own keyAtlassian released a patch for Confluence
For the latest CVE Atlassian released versions 7.4.17, 7.13.7, 7.14.3, 7.15.2, 7.16.4, 7.17.4 and 7.18.1 which contain a fix for this issue.