The group impersonated 19 law firms and debt collection agencies in the US, UK and Australia
Yearly Archives: 2022
NSA on Supply Chain Security
The NSA (together with CISA) has published a long report on supply-chain security: “Securing the Software Supply Chain: Recommended Practices Guide for Suppliers.“:
Prevention is often seen as the responsibility of the software developer, as they are required to securely develop and deliver code, verify third party components, and harden the build environment. But the supplier also holds a critical responsibility in ensuring the security and integrity of our software. After all, the software vendor is responsible for liaising between the customer and software developer. It is through this relationship that additional security features can be applied via contractual agreements, software releases and updates, notifications and mitigations of vulnerabilities.
Software suppliers will find guidance from NSA and our partners on preparing organizations by defining software security checks, protecting software, producing well-secured software, and responding to vulnerabilities on a continuous basis. Until all stakeholders seek to mitigate concerns specific to their area of responsibility, the software supply chain cycle will be vulnerable and at risk for potential compromise.
They previously published “Securing the Software Supply Chain: Recommended Practices Guide for Developers.” And they plan on publishing one focused on customers.
vim-9.0.828-1.fc35
FEDORA-2022-3d354ef0fb
Packages in this update:
vim-9.0.828-1.fc35
Update description:
Security fix for CVE-2022-3705
2139842 – vim upgrade broke :! for displaying terminal output
“Disturbing” Rise in Nation State Activity, Microsoft Reports
The proportion of cyber-attacks perpetrated by nation states targeting critical infrastructure jumped from 20% to 40%
CVE-2021-41574
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn. Further investigation showed that it was not a vulnerability. Notes: none.
CVE-2021-34686
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn. Further investigation showed that it was not a vulnerability. Notes: none.
mingw-libtasn1-4.19.0-1.fc37
FEDORA-2022-19056934a7
Packages in this update:
mingw-libtasn1-4.19.0-1.fc37
Update description:
Update to 4.19.0, fixes CVE-2021-46848.
mingw-libtasn1-4.19.0-1.fc35
FEDORA-2022-061f857481
Packages in this update:
mingw-libtasn1-4.19.0-1.fc35
Update description:
Update to 4.19.0, fixes CVE-2021-46848.
mingw-libtasn1-4.19.0-1.fc36
FEDORA-2022-3c933ffaca
Packages in this update:
mingw-libtasn1-4.19.0-1.fc36
Update description:
Update to 4.19.0, fixes CVE-2021-46848.
mingw-expat-2.5.0-1.fc35
FEDORA-2022-c43235716e
Packages in this update:
mingw-expat-2.5.0-1.fc35
Update description:
Update to 2.5.0, fixes CVE-2022-43680.