As the role of the CISO continues to grow in importance and gain more responsibility, many cybersecurity practitioners may wonder if they have what it takes to be successful in the role.
Technical expertise and experience are obviously huge assets. An effective CISO has the ability to evaluate and select security technology, communicate with technical staff and make crucial decisions about security infrastructure and architecture. Most already have experience leading and managing people, have established relationships with relevant stakeholders inside the organization and have lived through crisis situations. They know how to make quick decisions and drive change in the organization.
Advisory and professional services giant PwC UK is partnering with security firm ReversingLabs to develop a third-party risk management (TPRM) platform to help businesses address software supply chain security risks. Alongside ReversingLabs, the firm aims to help customers modernize traditional TPRM programs to better suit the modern software supply chain, operationalizing detection and mitigation of threats inherent in third-party software. Software supply chain risks pose complex and ongoing challenges for businesses across the globe.
Posted by Apple Product Security via Fulldisclosure on Mar 27
APPLE-SA-2023-03-27-7 watchOS 9.4
watchOS 9.4 addresses the following issues.
Information about the security content is also available at https://support.apple.com/HT213678.
AppleMobileFileIntegrity
Available for: Apple Watch Series 4 and later
Impact: A user may gain access to protected parts of the file system
Description: The issue was addressed with improved checks.
CVE-2023-23527: Mickey Jin (@patch1t)
Posted by Apple Product Security via Fulldisclosure on Mar 27
APPLE-SA-2023-03-27-9 Studio Display Firmware Update 16.4
Studio Display Firmware Update 16.4 addresses the following issues.
Information about the security content is also available at https://support.apple.com/HT213672.
Display
Available for: macOS Ventura 13.3 and later
Impact: An app may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed with improved state management….
Posted by Apple Product Security via Fulldisclosure on Mar 27
APPLE-SA-2023-03-27-8 Safari 16.4
Safari 16.4 addresses the following issues.
Information about the security content is also available at https://support.apple.com/HT213671.
WebKit
Available for: macOS Big Sur and macOS Monterey
Impact: Processing maliciously crafted web content may bypass Same Origin Policy
Description: This issue was addressed with improved state management.
WebKit Bugzilla: 248615
CVE-2023-27932: an anonymous researcher…
Posted by Apple Product Security via Fulldisclosure on Mar 27
APPLE-SA-2023-03-27-6 tvOS 16.4
tvOS 16.4 addresses the following issues.
Information about the security content is also available at https://support.apple.com/HT213674.
AppleMobileFileIntegrity
Available for: Apple TV 4K (all models) and Apple TV HD
Impact: A user may gain access to protected parts of the file system
Description: The issue was addressed with improved checks.
CVE-2023-23527: Mickey Jin (@patch1t)
Posted by Apple Product Security via Fulldisclosure on Mar 27
APPLE-SA-2023-03-27-5 macOS Big Sur 11.7.5
macOS Big Sur 11.7.5 addresses the following issues.
Information about the security content is also available at https://support.apple.com/HT213675.
Apple Neural Engine
Available for: macOS Big Sur
Impact: An app may be able to execute arbitrary code with kernel privileges
Description: The issue was addressed with improved memory handling.
CVE-2023-23540: Mohamed GHANNAM (@_simo36)
Posted by Apple Product Security via Fulldisclosure on Mar 27
APPLE-SA-2023-03-27-2 iOS 15.7.4 and iPadOS 15.7.4
iOS 15.7.4 and iPadOS 15.7.4 address the following issues.
Information about the security content is also available at https://support.apple.com/HT213673.
Accessibility
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)
Impact: An app may be able to access information about a…