Daily news about IBM AIX

I’m also trying to switch from spapr-vscsi & spapr-vlan devices to virtio. (There’s only one NIC on the vm, but have the same result with spapr-vlan enabled, in which case networking works fine)

If set to a static default like the offending (and imho insecure!) relative paths are no longer shown and works correctly. Update: I can block this behaviour by explicitly setting the variable which controls the order of searching and loading dynamic libraries (this is like on Linux).

Free Webinar – Supply Chain Attack PreventionRecent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.Discussion points Meeting PCI DSS 4.0 mandates. Blocking malicious components and unauthorized JavaScript execution. PIdentifying attack surfaces from third-party dependencies. Preventing man-in-the-browser attacks with proactive monitoring.

Veeam has released security updates to address a critical security flaw impacting its Backup & Replication software that could lead to remote code execution. CVE-2024-56346 (CVSS score: 10.0) – An improper access control vulnerability that could permit a remote attacker to execute arbitrary commands via the AIX nimesis NIM master service

According to an article, IBM License Metric Tool v9 can be attacked via several security vulnerabilities. In a warning message, IBM’s developers state that they have closed two “critical” security gaps (CVE-202456346, CVE-2024-56347) in the AIX server operating system.