Ransomware and data breaches pose a massive risk to organizations, resulting in loss of customer trust and shareholder value, reputation damage, hefty fines, and penalties. Cyber risk is a top concern in US corporate boardrooms, elevating the role of the chief information security officer to rapid prominence. More than half (61%) of CISOs report to a board, and board members are increasingly interested in what CISOs have to say. But technical skills alone won’t suffice for today’s CISO. Here are the top qualities that identify a next-generation chief information security officer.
Yearly Archives: 2022
Most Small Biz IaaS Users Seeing Surge in Attacks
Flaw allowed man to access private information of other Brinks Home Security customers
A Canadian man has revealed that the company he chose to provide security for his home was carelessly exposing the private information of other customers, even after he warned them about the problem.
Read more in my article on the Hot for Security blog.
New “Icefall” Bugs Include Critical DoS Flaw
USN-5750-1: GnuTLS vulnerability
It was discovered that GnuTLS incorrectly handled certain memory
operations. A remote attacker could possibly use this issue to cause GnuTLS
to crash, resulting in a denial of service.
Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution
Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Google Chrome is a web browser used to access the internet. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
sfnt2woff-zopfli-1.3.1-3.fc37
FEDORA-2022-8d29386f00
Packages in this update:
sfnt2woff-zopfli-1.3.1-3.fc37
Update description:
Fix a possible double free in woffEncode()
woff-0.20091126-33.fc35
FEDORA-2022-d50ded078e
Packages in this update:
woff-0.20091126-33.fc35
Update description:
Fix a possible double free in woffEncode().
Update License to SPDX
improved summary and description
Add hand-written man pages
Install HTML format description as documentation
woff-0.20091126-34.fc36
FEDORA-2022-706c76c4f0
Packages in this update:
woff-0.20091126-34.fc36
Update description:
Fix a possible double free in woffEncode().
Update License to SPDX
improved summary and description
Add hand-written man pages
Install HTML format description as documentation
CVE-2021-31693
VMware Tools for Windows (12.x.y prior to 12.1.5, 11.x.y and 10.x.y) contains a denial-of-service vulnerability in the VM3DMP driver. A malicious actor with local user privileges in the Windows guest OS, where VMware Tools is installed, can trigger a PANIC in the VM3DMP driver leading to a denial-of-service condition in the Windows guest OS.