It will focus on protecting suppliers to critical information infrastructure operators
Yearly Archives: 2022
Securing your organization against phishing can cost up to $85 per email
As phishing attacks increase, preventing them from doing damage is proving costly for organizations. Phishing-related activities are consuming a third of the total time available to IT and security teams and costing organizations anywhere between $2.84 and $85.33 per phishing email, according to a new report by Osterman Research.
The report does not calculate the cost of damage caused by phishing, but rather the productivity loss of IT and security teams.
On average, organizations spend 16-30 minutes dealing with each phishing email identified in their email infrastructure, said the report, commissioned by email security firm Ironscales.
vim-9.0.803-1.fc37
FEDORA-2022-839fd408a5
Packages in this update:
vim-9.0.803-1.fc37
Update description:
patchlevel 803
The newest upstream commit
Security fixes for CVE-2022-3256, CVE-2022-3324, CVE-2022-3352, CVE-2022-3235, CVE-2022-3234, CVE-2022-3296, CVE-2022-3297, CVE-2022-3278.
Financial losses to synthetic identity-based fraud to double by 2024
Losses to imposter scams based on synthetic identities—identities that only exist as figments in a credit reporting bureau’s records—will rise from a reported $1.2 billion in 2020 to $2.48 billion by 2024 in the US, according to an analysis published Thursday by identity verification vendor Socure.
Synthetic identities became a common concern for businesses and financial institutions in the mid-2010s, Socure’s report said. Typically, such an identity is based on a real person, but with a slight tweak to some piece of personally identifiable information, like a different date of birth or Social Security number.
This altered identity is frequently verified by nothing more than a credit check—which means that it’s rarely detected. A fraudster can then use the identity for a wide array of purposes, including different types of loan applications and credit cards.
Attackers switch to self-extracting password-protected archives to distribute email malware
Distributing malware inside password-protected archives has long been one of the main techniques used by attackers to bypass email security filters. More recently, researchers have spotted a variation that uses nested self-extracting archives that no longer require victims to input the password.
“This is significant because one of the most difficult obstacles threat actors face when conducting this type of spam campaign is to convince the target to open the archive using the provided password,” researchers from Trustwave SpiderLabs said in a new report.
USN-5694-1: LibreOffice vulnerabilities
It was discovered that LibreOffice incorrectly handled links using the Office URI Schemes. If a user were tricked into opening a specially crafted document, a remote attacker could use this issue to execute arbitrary scripts. (CVE-2022-3140)
Thomas Florian discovered that LibreOffice incorrectly handled crashes when an encrypted document is open. If the document is recovered upon restarting LibreOffice, subsequent saves of the document were unencrypted. This issue only affected Ubuntu 18.04 LTS. (CVE-2020-12801)
Jens Müller discovered that LibreOffice incorrectly handled certain documents containing forms. If a user were tricked into opening a specially crafted document, a remote attacker could overwrite arbitrary files when the form was submitted. This issue only affected Ubuntu 18.04 LTS. (CVE-2020-12803)
It was discovered that LibreOffice incorrectly validated macro signatures. If a user were tricked into opening a specially crafted document, a remote attacker could possibly use this issue to execute arbitrary macros. This issue only affected Ubuntu 18.04 LTS. (CVE-2022-26305)
It was discovered that LibreOffice incorrectly handled encrypting the master key provided by the user for storing passwords for web connections. A local attacker could possibly use this issue to obtain access to passwords stored in the user’s configuration data. This issue only affected Ubuntu 18.04 LTS. (CVE-2022-26306, CVE-2022-26307)
Interview with Signal’s New President
Long and interesting interview with Signal’s new president, Meredith Whittaker:
WhatsApp uses the Signal encryption protocol to provide encryption for its messages. That was absolutely a visionary choice that Brian and his team led back in the day - and big props to them for doing that. But you can’t just look at that and then stop at message protection. WhatsApp does not protect metadata the way that Signal does. Signal knows nothing about who you are. It doesn’t have your profile information and it has introduced group encryption protections. We don’t know who you are talking to or who is in the membership of a group. It has gone above and beyond to minimize the collection of metadata.
WhatsApp, on the other hand, collects the information about your profile, your profile photo, who is talking to whom, who is a group member. That is powerful metadata. It is particularly powerful—and this is where we have to back out into a structural argument for a company to collect the data that is also owned by Meta/Facebook. Facebook has a huge amount, just unspeakable volumes, of intimate information about billions of people across the globe.
It is not trivial to point out that WhatsApp metadata could easily be joined with Facebook data, and that it could easily reveal extremely intimate information about people. The choice to remove or enhance the encryption protocols is still in the hands of Facebook. We have to look structurally at what that organization is, who actually has control over these decisions, and at some of these details that often do not get discussed when we talk about message encryption overall.
Microsoft “BlueBleed” data breach: customer details and email content exposed
Microsoft says that it accidentally exposed sensitive customer data after failing to configure a server securely. But it’s far from happy with the security researchers who told them about the problem…
High, medium severity vulnerabilities impacting Zimbra Collaboration Suite
Threat actors are actively exploiting multiple Common Vulnerabilities and Exposures (CVEs) against enterprise cloud-hosted collaboration software and email platform Zimbra Collaboration Suite (ZCS), according to an advisory update jointly issued by the US Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing and Analysis Center (MS-ISAC). The latest update lists CVEs currently being exploited, warns that threat actors may be targeting unpatched ZCS instances in both government and private sector networks and includes a new Malware Analysis Report, MAR-10398871.r1.v2.
CVE-2021-33231 (service_manager)
Cross Site Scripting (XSS) vulnerability in New equipment page in EasyVista Service Manager 2018.1.181.1 allows remote attackers to run arbitrary code via the notes field.