FEDORA-2023-943556a733
Packages in this update:
pypy3.8-7.3.11-1.3.8.fc37
Update description:
Update to 7.3.11. See https://doc.pypy.org/en/latest/release-v7.3.11.html
Security fix for CVE-2022-37454, CVE-2022-45061.
pypy3.8-7.3.11-1.3.8.fc37
Update to 7.3.11. See https://doc.pypy.org/en/latest/release-v7.3.11.html
Security fix for CVE-2022-37454, CVE-2022-45061.
Do you use the LastPass password manager? Did you know they suffered a data breach, and that your passwords may be at risk?
You do now. Here’s what you need to know.
The Trojan exploits known vulnerabilities in outdated WordPress plugins and themes
flatpak-runtime-f37-3720221117153339.5
flatpak-sdk-f37-3720221117153339.5
Updated flatpak runtime and SDK, including latest Fedora 37 security and bug-fix errata.
LockBit, a prominent ransomware-as-a-service (RaaS) operation, has apologized for an attack on the Toronto-based Hospital for Sick Children, also known as SickKids, and offered a free decryptor.
SickKids, a major pediatric teaching hospital, announced on December 19 that it had called a Code Grey system failure, as it was responding to a cybersecurity incident that was affecting several network systems at the hospital.
A vulnerability, which was classified as problematic, has been found in ahmyi RivetTracker. This issue affects some unknown processing. The manipulation of the argument $_SERVER[‘PHP_SELF’] leads to cross site scripting. The attack may be initiated remotely. The name of the patch is f053c5cc2bc44269b0496b5f275e349928a92ef9. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217271.
qemu-6.2.0-17.fc36
ati-vga: out-of-bounds write in ati_2d_blt (CVE-2021-3638) (rhbz#1979882)
qxl: qxl_phys2virt unsafe address translation (CVE-2022-4144) (rhbz#2148542)
linux-user: default to -cpu max (rhbz#2121700)
It was discovered that usbredir incorrectly handled memory when
serializing large amounts of data in the case of a slow or blocked
destination. An attacker could possibly use this issue to cause
applications using usbredir to crash, resulting in a denial of
service, or possibly execute arbitrary code.
A vulnerability classified as problematic has been found in ethitter WP-Print-Friendly up to 0.5.2. This affects an unknown part of the file wp-print-friendly.php. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. Upgrading to version 0.5.3 is able to address this issue. The name of the patch is 437787292670c20b4abe20160ebbe8428187f2b4. It is recommended to upgrade the affected component. The identifier VDB-217269 was assigned to this vulnerability.
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.
The digital world is ever-expanding in scope and influence, both in personal and professional matters. In the last few years, business operations have become increasingly dependent on technology, and on employees to use that technology safely. While remote and mobile work have been necessary and useful, they also open the door for cybercriminals to take advantage of lax security measures and employees’ ignorance of best practices.
So long as companies are carrying out some or all of their affairs in the digital realm, cybersecurity is easily as important as physical security. As one cybersecurity awareness training guide puts it: “if businesses are to thrive in the Fourth Industrial Revolution, security needs to be not only top of mind, but a fluent language.” Some of the most pressing reasons for cybersecurity training are detailed below.
1. Compliance with regulations
There are many areas of business operations which are governed by legal or regulatory oversight to protect against various risks inherent to digital activities. These include HIPAA, which outlines rules regarding private health information, PCI SSC, which seeks to strengthen payment account security, and GDPR, which regulates general data privacy. Complying with these regulations is necessary for several reasons, although the dominant motivator for compliance is that the organizations can and will impose fines on businesses that fail to meet standards.
It has often been said that a business is only as strong as its weakest link, and nowhere is this truer than in the world of data security. Any one employee can be a liability when it comes to the practices that an enterprise puts in place to protect consumer data as well as their own. When compliance is mandated and the threat of fines is looming, companies must ensure that all of their employees are properly trained and informed on the regulations in place.
2. Protecting enterprise assets
Aside from wanting to avoid fines, however, businesses should still attempt to meet these regulatory standards for their own good. While meeting the bare minimum of compliance standards will keep a company out of hot water with regulatory boards, it will not necessarily protect the company itself. According to one report from IBM, the average cost of a data breach is 4.35 million USD. Ensuring that employees are trained in cybersecurity awareness greatly decreases the risk of a data breach occurring, as well as ensuring that employees know how to respond in the event that there is an attack targeting the company’s data.
3. Protecting consumer data
Ostensibly protected by the aforementioned regulatory standards, consumer data is still at a huge risk of being obtained, stolen, or leveraged by cybercriminals. An attack that only targets a company’s internal data is dangerous to the company, but an attack that targets consumer data can have far-reaching consequences that affect thousands or millions of people.
The responsibility for password complexity and variation, device and website privacy settings, and the amount of data shared can be at least partially placed upon the consumer’s shoulders. But the company must have its own measures in place as well to protect against attacks on customer data.
Thorough and effective cybersecurity awareness training will reduce the chances of employee error leading to customer data being breached. When customer data is safe and protected, it establishes trust between the consumer and the business, and protects both from the liabilities that enterprises with weak security practices are subject to.
4. Establishing skill sets
In addition to protecting both the consumers and the business at large, cybersecurity awareness training can instill knowledge in employees that they will carry with them outside of work hours and use to their benefit, possibly even spreading it to their friends and family. Employees who learn how to detect and mitigate threats such as phishing, ransomware, spoofing, and deepfakes will be able to prevent those types of attacks not only on the company or its customers, but on their own personal data. They may even be more computer-literate in general and more receptive to technological advances that bring about change within the company, rather than being resistant and hesitant to learn.
5. Constantly changing landscape
Even a company with a highly trained workforce must still make cybersecurity awareness training a priority going forward. The world of computers and data security is constantly shifting and growing, and threats adapt along with it. It is vital to refresh employees’ training and update it to account for significant changes that come about on a frequent basis. No cybersecurity training is effective if it is treated as a “one-and-done” affair, because no training can predict and guard against future advances on both the company’s end and the attackers’ end.
At the end of the day, a company must be responsible for protecting its own data as well as any data that consumers choose to share with it. All employees have the potential to put this data in danger, so all employees need to undergo cybersecurity awareness training to mitigate that risk. A training program combined with other effective security measures will make sure that employees are prepared to recognize risks, guard against threats, and recognize and react to attacks if and when they do occur. Cybersecurity awareness training programs come in many flavors to meet the varying needs of businesses everywhere, and it is not only advisable but crucial to establish some kind of training for employees.