This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
Monthly Archives: July 2022
ZDI-22-1028: Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
India’s cybersecurity skills shortage: Airtel Payments Bank’s CISO proposes a path forward
Manish Pandey, CISO of Airtel Payments Bank, has worked in several industries, including e-commerce, academics and fast-moving consumer goods ITeS, and banking. So he has seen first-hand the challenges of the cybersecurity skills gap in multiple contexts.
Pandey started his professional journey in cybersecurity with the Indian Computer Emergency Response Team, the government’s nodal agency to deal with cybersecurity threats. From there, he moved to several organisations with the intent of learning various domains within cybersecurity and information security. His goal was to eventually join the financial sector as cybersecurity plays a critical role in it — not only are the implications of a breach profound in the financial sector, but he found the cybersecurity landscape challenging in that sector and thus an industry he could learn much in.
Smashing Security podcast #285: Uber’s hidden hack, tips for travel, and AI accent fixes
Uber may not face prosecution over its handling of a 2016 data breach – but its former chief security head does; how to defend your digital devices’ data while on vacation, and how to change your accent with artificial intelligence.
All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Paul Ducklin.
Plus don’t miss our featured interview with Ian Farquhar of Gigamon.
[R1] Tenable.sc 5.22.0 Fixes One Third-Party Vulnerability
Arnie Cabral
Wed, 07/27/2022 – 18:26
Out of caution, and in line with best practice, Tenable has upgraded the bundled components to address the potential impact of these issues. Tenable.sc 5.22.0 updates moment.js to version 2.29.4 to address the identified vulnerabilities.
Uber’s former head of security faces fraud charges after allegedly covering up data breach
The former Chief Security Officer of Uber is facing wire fraud charges over allegations that he covered up a data breach that saw hackers steal the records of 57 million passengers and drivers.
Read more in my article on the Hot for Security blog.
Why Whole-of-State Cybersecurity Is the Way Forward
The ransomware threat confronting SLTT government organizations has led some to advocate for a whole-of-state cybersecurity approach.
rt-5.0.3-1.fc36
FEDORA-2022-3b84211a66
Packages in this update:
rt-5.0.3-1.fc36
Update description:
Upstream security and bugfix update.
rt-4.4.6-1.fc35
FEDORA-2022-621dca5468
Packages in this update:
rt-4.4.6-1.fc35
Update description:
Upstream security and bugfix update.
Cyber-Criminal Offers 5.4m Twitter Users’ Data
The seller advertised the data on the Breached Forums site and demanded at least $30,000 for it