FEDORA-2023-eb3c27ff25
Packages in this update:
xorg-x11-server-Xwayland-22.1.9-1.fc37
Update description:
xwayland 22.1.9
Security fix for CVE-2023-1393
xorg-x11-server-Xwayland-22.1.9-1.fc38
xwayland 22.1.9
Security fix for CVE-2023-1393
HP Inc. has announced the launch of HP Wolf Connect, a new IT management solution that provides resilient and secure connections to remote PCs. The solution enables IT teams to manage PCs remotely even if they are powered down or offline and was showcased at HP’s Amplify Partner Conference. HP Wolf Connect uses a cellular-based network that helps teams manage a dispersed hybrid workforce, reducing the time and effort needed to resolve support tickets, securing data from loss or theft, and optimizing asset management, the vendor said. The release comes as businesses face ongoing challenges in securing and managing the hybrid workforce.
For the first time, over a dozen cybersecurity companies have come together to produce an agnostic study titled LATAM CISO Report 2023: Insights from Industry Leaders. More than 200 CISOs in the Americas region, in addition to the Inter-American Development Bank (IDB), Latin American Federation of Banks (FELABAN), and the World Economic Forum (WEF), contributed to the report. Duke University conducted the survey.
The 2023 LATAM CISO Report offers different cybersecurity perspectives of industry leaders in Latin America. The report was created to identify gaps in security and the needs and limitations of organizations in Latin America that are preventing them from better securing themselves against cyberattacks. This document presents findings from a survey of leaders throughout the Latin American region. It provides guidelines and recommendations for creating public policies to develop and strengthen cyber capabilities.
Cyku Hong discovered that Nette was not properly handling and validating
data used for code generation. A remote attacker could possibly use this
issue to execute arbitrary code.
The Israeli identity-based cybersecurity provider Spera is exiting stealth mode to reveal a namesake offering with identity security posture management (ISPM) capabilities.
“Two of the most prominent identity-based attack vectors—stolen credentials and phishing—take the longest to detect and are most expensive to solve,” said Dor Fledel, co-founder and CEO of Spera. “Security professionals are really frustrated with the lack of tools for identity attack surface and risk management across their various environments. Spera provides visibility into enterprise identities and actions, where the biggest risks lie, and helps security teams rapidly improve security posture.”
Cloud threat detection and response (CDR) vendor Skyhawk has announced the incorporation of ChatGPT functionality in its offering to enhance cloud threat detection and security incident discovery. The firm has applied ChatGPT features to its platform in two distinct ways – earlier detection of malicious activity (Threat Detector) and explainability of attacks as they progress (Security Advisor), it said.
Skyhawk said the performance improvement achieved by integrating the AI large language model (LLM) that ChatGPT offers has been significant. It claims its platform produced alerts earlier in 78% of cases when adding Threat Detector and Security Advisor ChatGPT scoring functionality. The new capabilities are generally available to Skyhawk customers at no additional charge. The release comes as the furor surrounding ChatGPT and its potential impact on cybersecurity continues to make headlines, with Europol the latest to warn about the risks of ChatGPT-enhanced phishing and cybercrime.
Jenny Blessing and Ross Anderson have evaluated the security of systems designed to allow the various Internet messaging platforms to interoperate with each other:
The Digital Markets Act ruled that users on different platforms should be able to exchange messages with each other. This opens up a real Pandora’s box. How will the networks manage keys, authenticate users, and moderate content? How much metadata will have to be shared, and how?
In our latest paper, One Protocol to Rule Them All? On Securing Interoperable Messaging, we explore the security tensions, the conflicts of interest, the usability traps, and the likely consequences for individual and institutional behaviour.
Interoperability will vastly increase the attack surface at every level in the stack from the cryptography up through usability to commercial incentives and the opportunities for government interference.
It’s a good idea in theory, but will likely result in the overall security being the worst of each platform’s security.
DarkBit, the group that claimed responsibility for a ransomware attack on Israel’s Technion university, is making good on its threat to sell the university’s data if the ransom went unpaid.
“The price of total bulk is 104 BTC (bitcoin) if anyone buys all of it at once,” said a message on DarkBit’s Telegram channel. It also offered data of individual faculties and departments at prices ranging from 1 bitcoin (about $28,500) for civil and environmental engineering data to 40 bitcoins for data from the computer science department.
The group added that it also had other Technion data available. “There are some other more wondering subdomains ready for sale if they don’t stop putting pressure on our colleagues,” the group said.