Some industrial systems have been exposed for three years
Monthly Archives: February 2023
Top cybersecurity M&A deals for 2023
Uncertainty and instability marked the end of 2022 for many in the tech sector, a trend that bled into the beginning of 2023. Following on the heels of a drought in IT talent came mass layoffs at many of the world’s biggest tech companies as predictions of recession loomed and war in Ukraine dragged on with no end in sight.
Global concern over cybersecurity has never been higher, with attacks coming fast and furious and in ever-growing numbers, and 65% of organizations planned to increase cybersecurity spending in 2023. That means CISOs may be pressured to do more with what they have as budgets shrink even as demand for security increases. And they should be aware of what could change if one of their vendors is acquired in this climate.
Refund and Invoice Scams Surge in Q4
New Threat Group Reviews Screenshots Before Striking
radare2-5.8.2-1.el8
FEDORA-EPEL-2023-c1bf7ff735
Packages in this update:
radare2-5.8.2-1.el8
Update description:
Bugfix release fixing a couple of possible buffer overflows rated as CVE
radare2-5.8.2-1.el7
FEDORA-EPEL-2023-8535da02dc
Packages in this update:
radare2-5.8.2-1.el7
Update description:
Bugfix release fixing a couple of possible buffer overflows rated as CVE
DSA-5346 libde265 – security update
Multiple security issues were discovered in libde265, an implementation of
the H.265 video codec, which may result in denial of service and potentially
the execution of arbitrary code if a malformed media file is processed.
vim-stable-3720230209142410.1
FEDORA-FLATPAK-2023-aca09f139c
Packages in this update:
vim-stable-3720230209142410.1
Update description:
Update to vim 9.0.1293, with fixes for CVE-2022-47024, CVE-2023-0433
USN-5863-1: Linux kernel (Azure) vulnerabilities
It was discovered that the NFSD implementation in the Linux kernel did not
properly handle some RPC messages, leading to a buffer overflow. A remote
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2022-43945)
Tamás Koczka discovered that the Bluetooth L2CAP handshake implementation
in the Linux kernel contained multiple use-after-free vulnerabilities. A
physically proximate attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2022-42896)
It was discovered that the Xen netback driver in the Linux kernel did not
properly handle packets structured in certain ways. An attacker in a guest
VM could possibly use this to cause a denial of service (host NIC
availability). (CVE-2022-3643)
It was discovered that an integer overflow vulnerability existed in the
Bluetooth subsystem in the Linux kernel. A physically proximate attacker
could use this to cause a denial of service (system crash).
(CVE-2022-45934)
CVE-2015-10076
A vulnerability was found in dimtion Shaarlier up to 1.2.2. It has been declared as critical. Affected by this vulnerability is the function createTag of the file app/src/main/java/com/dimtion/shaarlier/TagsSource.java of the component Tag Handler. The manipulation leads to SQL injection. Upgrading to version 1.2.3 is able to address this issue. The name of the patch is 3d1d9b239d9b3cd87e8bed45a0f02da583ad371e. It is recommended to upgrade the affected component. The identifier VDB-220453 was assigned to this vulnerability.