PwC study finds organizations have a long way to go on security
Monthly Archives: September 2022
Crypto-Thieves Cost Victims 53 Times What They Make
22 notable government cybersecurity initiatives in 2022
Cybersecurity continues to be high on the agenda of governments across the globe, with both national and local levels increasingly working to counter cybersecurity threats. Much like last year, 2022 has seen significant, government-led initiatives launched to help address diverse security issues.
Here are 22 notable cybersecurity initiatives introduced around the world in 2022.
February
Israel commits to IDB cybersecurity initiative in Latin America, Caribbean
The Israeli government announced that it will join the Inter-American Development Bank (IDB) to establish a new cybersecurity initiative, committing $2 million USD to help strengthen cybersecurity capabilities in Latin America and the Caribbean (LAC). Israel’s funding would aid in building cyber capacity across the region by giving officials and policymakers access to forefront practices and world-leading knowledge and expertise, the government stated. “The cybersecurity initiative is paving the way for the safe and secure digitalization of Latin America and the Caribbean, one of the key elements for growth in the post-COVID era,” said Matan Lev-Ari, Israel’s representative on the IDB’s Board.
Recent cases highlight need for insider threat awareness and action
On September 1, a crew of US government offices launched the fourth-annual National Insider Threat Awareness Month (NITAM). The goal of the month-long event is to educate the government and industry about the dangers posed by insider threats and the role of insider threat programs. This year’s campaign focuses on the importance of critical thinking to help workforces guard against risk in digital spaces.
The NITAM launch announcement cited recent examples of insider threats in the digital space:
booth-1.0-251.4.bfb2f92.git.fc35
FEDORA-2022-e0a87993b8
Packages in this update:
booth-1.0-251.4.bfb2f92.git.fc35
Update description:
Remove Alias directive from booth@.service unit file
Security fix for CVE-2022-2553
booth-1.0-262.3.d0ac26c.git.fc36
FEDORA-2022-6744980220
Packages in this update:
booth-1.0-262.3.d0ac26c.git.fc36
Update description:
Remove Alias directive from booth@.service unit file
Security fix for CVE-2022-2553
IRS Warns of “Industrial Scale” Smishing Surge
php-8.0.24-1.fc35
FEDORA-2022-afdea1c747
Packages in this update:
php-8.0.24-1.fc35
Update description:
PHP version 8.0.24 (29 Sep 2022)
Core:
Fixed bug GH-9323 (Crash in ZEND_RETURN/GC/zend_call_function). (Tim Starling)
Fixed bug GH-9361 (Segmentation fault on script exit php#9379). (cmb, Christian Schneider)
Fixed bug GH-9407 (LSP error in eval’d code refers to wrong class for static type). (ilutov)
Fixed bug php#81727: Don’t mangle HTTP variable names that clash with ones that have a specific semantic meaning. (CVE-2022-31629). (Derick)
DOM:
Fixed bug php#79451 (DOMDocument->replaceChild on doctype causes double free). (Nathan Freeman)
FPM:
Fixed bug GH-8885 (FPM access.log with stderr begins to write logs to error_log after daemon reload). (Dmitry Menshikov)
Fixed bug php#77780 (“Headers already sent…” when previous connection was aborted). (Jakub Zelenka)
GMP:
Fixed bug GH-9308 (GMP throws the wrong error when a GMP object is passed to gmp_init()). (Girgias)
Intl:
Fixed bug GH-9421 (Incorrect argument number for ValueError in NumberFormatter). (Girgias)
Phar:
Fixed bug php#81726: phar wrapper: DOS when using quine gzip file. (CVE-2022-31628). (cmb)
PDO_PGSQL:
Fixed bug GH-9411 (PgSQL large object resource is incorrectly closed). (Yurunsoft)
Reflection:
Fixed bug GH-8932 (ReflectionFunction provides no way to get the called class of a Closure). (cmb, Nicolas Grekas)
Fixed bug GH-9409 (Private method is incorrectly dumped as “overwrites”). (ilutov)
Streams:
Fixed bug GH-9316 ($http_response_header is wrong for long status line). (cmb, timwolla)
ZDI-22-1315: Autodesk AutoCAD X_B File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
ZDI-22-1316: Autodesk AutoCAD X_B File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.