What is an SBOM? Software bill of materials explained

An SBOM is a formal, structured record that not only details the components of a software product, but also describes their supply chain relationship. An SBOM outlines both what packages and libraries went into your application and the relationship between those packages and libraries and other upstream projects—something that’s of particular importance when it comes to reused code and open source.

You might be familiar with a bill of materials for an automobile. This is a document that goes into great detail about every component that makes your new car run. The auto supply chain is notoriously complex, and even though your car was assembled by Toyota or General Motors, many of its component parts were built by subcontractors around the world. The bill of materials tells you where each of those parts came from, and that knowledge isn’t just an interesting bit of trivia. If a certain production run of airbags has been recalled, car manufacturers need a quick way to know where those particular airbags ended up.

lua-5.4.4-3.fc35

FEDORA-2022-5b5889f43a

Packages in this update:

lua-5.4.4-3.fc35

Update description:

Update to the latest bugfixes (1-5) against 5.4.4. Includes fixes for CVE-2022-28805 and CVE-2022-33099.

lua-5.4.4-3.fc36

FEDORA-2022-b9ed35a7ad

Packages in this update:

lua-5.4.4-3.fc36

Update description:

Update to the latest bugfixes (1-5) against 5.4.4. Includes fixes for CVE-2022-28805 and CVE-2022-33099.

Cato Networks launches SSE system with customizable DLP capabilities

Israel-based SASE (secure access service edge) provider Cato Networks has announced a security service edge (SSE) offering, Cato SSE 360, that includes Cato DLP, a capability for data loss protection across business applications that allows for customizable rules.

Along with SSE 360, Cato is also offering a new expert certification for the SSE architecture.

“Traditional SSE architectures are mostly proxy-based solutions which have limited visibility and control over WAN traffic as they only take into account the traffic from users to the internet,” says Boaz Avigad, director of product marketing at Cato Networks. “However, at some point they’ll need to cover data centers, on-prem and cloud. Cato SSE 360 does that.”

GPS trackers used for vehicle fleet management can be hijacked by hackers

Hackers can exploit vulnerabilities in a popular GPS tracking device used around the world for vehicle fleet management across many industry sectors. The tracker, made by a Chinese company called MiCODUS, is widely available to purchase from online retailers and has anti-theft, fuel cut off, remote control, and geofencing capabilities.

“The exploitation of these vulnerabilities could have disastrous and even life-threatening implications,” researchers from cybersecurity assessment firm BitSight said in a report. “For example, an attacker could exploit some of the vulnerabilities to cut fuel to an entire fleet of commercial or emergency vehicles. Or the attacker could leverage GPS information to monitor and abruptly stop vehicles on dangerous highways. Attackers could choose to surreptitiously track individuals or demand ransom payments to return disabled vehicles to working condition. There are many possible scenarios which could result in loss of life, property damage, privacy intrusions, and threaten national security.”
