Software liability reform is liable to push us off a cliff
Like “SBOMs will solve everything,” there is a regular cry to reform software liability, specifically in the case of products with insecurities and vulnerabilities. US...
USN-5909-1: Linux kernel (Azure CVM) vulnerabilities
It was discovered that the Broadcom FullMAC USB WiFi driver in the Linux kernel did not properly perform bounds checking in some situations. A physically...
White House Launches National Cybersecurity Strategy
The Strategy provides guidelines on how companies allocate roles and responsibilities in cyber space.
Trezor crypto wallets under attack in SMS phishing campaign
Willie Sutton, the criminal who became legendary for stealing from banks during a forty-year career, was once asked, "Why do you keep robbing banks?"...
USN-5821-4: pip regression
USN-5821-3 fixed a vulnerability in pip. The update introduced a minor regression in Ubuntu 14.04 ESM, Ubuntu 16.04 ESM and Ubuntu 18.04 LTS. This update...
WH Smith investigates hacking attack after employee data stolen
British high street giant WH Smith has revealed that it has suffered a "cybersecurity incident," which has seen hackers gain unauthorised access to its systems,...
nodejs16-16.19.1-4.fc37
FEDORA-2023-dc70a91343 Packages in this update: nodejs16-16.19.1-4.fc37 Update description: 2023-02-16, Version 16.19.1 'Gallium' (LTS), @richardlau This is a security release. Notable Changes The following CVEs are...
nodejs16-16.19.1-4.fc38
FEDORA-2023-3a6f96ad55 Packages in this update: nodejs16-16.19.1-4.fc38 Update description: 2023-02-16, Version 16.19.1 'Gallium' (LTS), @richardlau This is a security release. Notable Changes The following CVEs are...
Booking.com account takeover flaw shows possible pitfalls in OAuth implementations
Booking.com, one of the world's largest online travel agencies, recently patched a vulnerability in its implementation of the OAuth protocol that could have allowed attackers...
Indigo Books & Music refuses to pay ransom after hackers stole employee information
Following what it called a "cybersecurity incident" three weeks ago, Canadian bookstore chain Indigo has not only confirmed that it was hit by a ransomware...