A data breach is a security incident in which a malicious actor breaks through security measures to illicitly access data.
Data about individuals—names, birthdates, financial information, social security numbers and driver’s license numbers, and more—lives in innumerable copies across untold numbers of servers at private companies, public agencies, and in the cloud. If someone who isn’t authorized to access personally identifiable information (PII) manages to get a look at it, that can have dire consequences both for the individual and for the organization that stored the data and was supposed to keep it safe.
Since early 2021 researchers have observed multiple attack campaigns by state-sponsored advanced persistent threat (APT) groups aimed at journalists and the media organizations they work for. The attacks targeted their work emails and social media accounts and often followed journalists’ coverage of stories that painted certain regimes in a bad light or were timed to sensitive political events in the U.S.
Journalists have always been an appealing target for spies due to the access they have to sensitive information and the trust that organizations and individuals generally place in them, which is why it’s imperative for members of the media to undergo online security training and be aware of the techniques used by state-linked hackers.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) released the first report of the Cyber Safety Review Board (CSRB), formed in February as directed under President Biden’s May 2021 cybersecurity executive order. The public-private board comprises top cybersecurity personnel in the federal government and selected private sector information security professionals.
Security fix for CVE-2022-31116 and CVE-2022-31117.
5.4.0
Added
Add support for arbitrary size integers
Fixed
CVE-2022-31116: Replace wchar_t string decoding implementation with a uint32_t-based one; fix handling of surrogates on decoding
CVE-2022-31117: Potential double free of buffer during string decoding
Fix memory leak on encoding errors when the buffer was resized
Integer parsing: always detect overflows
Fix handling of surrogates on encoding