The U.S. Cybersecurity and Infrastructure Security Agency (CISA) released the first report of the Cyber Safety Review Board (CSRB), formed in February 2022 as directed under President Biden’s May 2021 cybersecurity executive order. The public-private board comprises senior cybersecurity personnel from the federal government and selected private-sector information security professionals.
Monthly Archives: July 2022
Healthcare Provider Exposed Transplant Donor and Recipient Data
4500 transplant participants have been warned about a privacy breach affecting their healthcare information
1.9 Million Healthcare Records Breached in Ransomware Attack
A US debt collector has reported a breach of 1.9 million healthcare records across 650 providers
Upcoming Speaking Engagements
This is a current list of where and when I am scheduled to speak:
I’m speaking as part of a Geneva Centre for Security Policy course on Cyber Security in the Context of International Security, online, on September 22, 2022.
I’m speaking at IT-Security INSIDE 2022 in Zurich, Switzerland, on September 22, 2022.
The list is maintained on this page.
BlackCat Ransomware Group Deploys Brute Ratel Pen Testing Kit
The BlackCat ransomware group has deployed a new binary to help with its intrusion efforts
python-ujson-5.4.0-1.el9
FEDORA-EPEL-2022-1026769ad3
Packages in this update:
python-ujson-5.4.0-1.el9
Update description:
Security fix for CVE-2022-31116 and CVE-2022-31117.
5.4.0
Added
Add support for arbitrary size integers
Fixed
CVE-2022-31116: Replace wchar_t string decoding implementation with a uint32_t-based one; fix handling of surrogates on decoding
CVE-2022-31117: Potential double free of buffer during string decoding
Fix memory leak on encoding errors when the buffer was resized
Integer parsing: always detect overflows
Fix handling of surrogates on encoding
python-ujson-5.4.0-1.fc36
FEDORA-2022-1b2b8d5177
Packages in this update:
python-ujson-5.4.0-1.fc36
Update description:
Security fix for CVE-2022-31116 and CVE-2022-31117.
5.4.0
Added
Add support for arbitrary size integers
Fixed
CVE-2022-31116: Replace wchar_t string decoding implementation with a uint32_t-based one; fix handling of surrogates on decoding
CVE-2022-31117: Potential double free of buffer during string decoding
Fix memory leak on encoding errors when the buffer was resized
Integer parsing: always detect overflows
Fix handling of surrogates on encoding
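The two update notices above (EPEL 9 and Fedora 36) carry the same fix list, and the practical question for an operator is the same in both cases: is the ujson in use at or past 5.4.0, and does it decode the inputs the changelog names (escaped surrogate pairs, integers wider than 64 bits) correctly? The following is an added example, not code from the Fedora advisory or the ujson project. It assumes only that ujson exposes `__version__` and that 5.4.0 is the first fixed release, as the update description states; the sample JSON inputs are constructed for the check. If ujson is missing or older than 5.4.0 it falls back to the standard library's `json` so the application keeps working while the package is updated.

```python
"""Version gate and decode sanity checks for the python-ujson 5.4.0 update.

Added example; not part of the Fedora advisory or the ujson project.
"""
import json
from typing import Callable, Dict, Tuple

# First release carrying the CVE-2022-31116 / CVE-2022-31117 fixes (from the update text).
FIXED_VERSION = (5, 4, 0)


def parse_version(text: str) -> Tuple[int, int, int]:
    """Turn '5.4.0', '5.4.0rc1' or an RPM-style '5.4.0-1.fc36' into (major, minor, patch).

    Tuples are compared numerically, which avoids the classic mistake of
    comparing version strings lexically, where '5.10.0' < '5.4.0'.
    Pre-release suffixes such as 'rc1' are ignored.
    """
    head = text.split("-", 1)[0]  # drop an RPM release suffix like '-1.fc36'
    parts = []
    for piece in head.split("."):
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break
            digits += ch
        if not digits:
            break
        parts.append(int(digits))
    while len(parts) < 3:  # '5.4' compares as 5.4.0, not as "less than 5.4.0"
        parts.append(0)
    return (parts[0], parts[1], parts[2])


def is_fixed(version: str) -> bool:
    """True if this ujson version is at or past the fixed release."""
    return parse_version(version) >= FIXED_VERSION


def choose_decoder() -> Tuple[str, Callable[[str], object]]:
    """Use ujson only when it is a fixed release; otherwise the stdlib decoder."""
    try:
        import ujson  # type: ignore
    except ImportError:
        return "json", json.loads
    if is_fixed(getattr(ujson, "__version__", "0")):
        return "ujson", ujson.loads
    return "json", json.loads


# Constructed inputs that exercise the code paths named in the changelog.
SURROGATE_PAIR = '"\\ud83d\\ude00"'         # escaped pair that must become U+1F600
RAW_UTF8 = '"\U0001F600"'                   # same code point, unescaped 4-byte UTF-8
BIG_INT = "123456789012345678901234567890"  # wider than 64 bits
OVERFLOW_EDGE = "18446744073709551616"      # 2**64, one past uint64


def _check(loads: Callable[[str], object], text: str, expected: object) -> bool:
    """Return True only if decoding succeeds and yields the expected value."""
    try:
        return loads(text) == expected
    except Exception:  # an overflow or surrogate error counts as a failed check
        return False


def run_checks(loads: Callable[[str], object]) -> Dict[str, bool]:
    """Run each constructed input through `loads`; any False means do not trust
    this decoder on untrusted JSON."""
    return {
        "surrogate_pair": _check(loads, SURROGATE_PAIR, "\U0001F600"),
        "raw_utf8_matches_escaped": _check(loads, RAW_UTF8, "\U0001F600"),
        "big_int": _check(loads, BIG_INT, 123456789012345678901234567890),
        "overflow_edge": _check(loads, OVERFLOW_EDGE, 2 ** 64),
    }


if __name__ == "__main__":
    name, loads = choose_decoder()
    print("decoder:", name)
    for check, ok in run_checks(loads).items():
        print(f"{check:26s} {'ok' if ok else 'FAIL'}")
```

The version parser deliberately accepts the RPM-style string from the update title as well as the plain `__version__` string, so the same function can gate on either the package query or the import. Note that it treats a pre-release such as `5.4.0rc1` as 5.4.0; tighten that if your environment ships release candidates.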
Smashing Security podcast #283: Disney’s social dumpster fire, Anom phones, and TikTok tragedies
A self-proclaimed “super hacker” causes problems in the Magic Kingdom, criminals regret trusting Anom phones, and lawsuits are filed against TikTok.
All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Anna Brading.
Plus don’t miss our featured interview with Scott McCrady, the CEO of SolCyber Managed Security Services.
Windows 8.1 displays full-screen warning as it nears its last day of support
Turn on a PC running Microsoft Windows 8.1 and you’re likely to be greeted with a full-screen message warning that the operating system will no longer be supported after 10 January 2023, and – critically – will no longer be receiving any security updates.
CVE-2020-14127
A denial-of-service vulnerability exists in some Xiaomi phone models. It is caused by a heap overflow and can be exploited by remote attackers to cause a denial of service.