FEDORA-2023-cfe20dbcab
Packages in this update:
mingw-glib2-2.74.1-2.fc37
Update description:
Backport patch for CVE-2023-24593.
mingw-glib2-2.74.1-2.fc37
Backport patch for CVE-2023-24593.
Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Google Chrome is a web browser used to access the internet. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
A vulnerability, which was classified as problematic, has been found in BestWebSoft Contact Form Plugin 3.51. Affected by this issue is the function cntctfrm_display_form/cntctfrm_check_form of the file contact_form.php. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 3.52 is able to address this issue. The name of the patch is 642ef1dc1751ab6642ce981fe126325bb574f898. It is recommended to upgrade the affected component. VDB-225002 is the identifier assigned to this vulnerability.
Cybersecurity firm Obsidian has launched its SaaS security posture management (SSPM) solution with new security and compliance tools to help organizations manage third-party SaaS integrations.
The SaaS-based deployment will feature three primary modules including Obsidian Compliance Posture Management (CPM), Obsidian Integration Risk Management, and Obsidian Extend.
“Obsidian not only provides posture hardening and third-party SaaS integration risk management, but also offers threat mitigation for SaaS,” said Glenn Chisholm, chief product officer and co-founder of Obsidian. “It remains the only company in the SaaS security industry to deliver a unified solution that covers all aspects of SaaS security comprehensively.”
It was discovered that trim-newlines incorrectly handled certain inputs. If a
user or an automated system were tricked into opening a specially crafted
input file, a remote attacker could possibly use this issue to cause a
denial of service. (CVE-2021-33623)
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.
If cyber threats feel like faceless intruders, you’re only considering a fraction of the risk. Insider threats pose a challenge for organizations, often catching them by surprise as they focus on securing the perimeter.
There is a bright side, however. Understanding the threat landscape and developing a security plan will help you to mitigate risk and prevent cyber incidents. When designing your strategy, be sure to account for insider threats.
Perhaps unsurprisingly, insider threats are threats that come from within your organization. Rather than bad actors from the outside infiltrating your network or systems, these risks refer to those initiated by someone within your organization – purposefully or as a result of human error.
There are three classifications of insider threats:
Malicious insider threats are those perpetrated purposefully by someone with access to your systems. This may include a disgruntled employee, a scorned former employee, or a third-party partner or contractor who has been granted permissions on your network.
Negligent insider threats are often a matter of human error. Employees who click on malware links in an email or download a compromised file are responsible for these threats.
Unsuspecting insider threats technically come from the outside. Yet, they rely on insiders’ naivety to succeed. For example, an employee whose login credentials are stolen or who leaves their computer unguarded may be a victim of this type of threat.
Once you know what types of threats exist, you must know how to detect them to mitigate the risk or address compromises as quickly as possible. Here are four key ways to identify insider threats:
Third parties are the risk outliers that, unfortunately, lead to data compromise all too often. Monitoring and controlling third-party access is crucial to identifying insider threats, as contractors and partners with access to your networks can quickly become doorways to your data.
Consider monitoring employee access as well. Security cameras and keystroke logging are methods some companies may choose to monitor movement and usage, though they may not suit every organization.
Pivotal to risk mitigation – for insider threats or those outside your network – is an ongoing auditing process. Regular audits will help understand typical behavior patterns and identify anomalies should they arise. Automated audits can run based on your parameters and schedule without much intervention from SecOps. Manual audits are also valuable for ad hoc reviews of multiple or disparate systems.
A risk-aware culture is based on ongoing communication about threats, risks, and what to do should issues arise. It also means establishing a straightforward process for whistleblowing. SecOps, try as they might, cannot always be everywhere. Get the support of your employees by making it clear what to look out for and where to report any questionable activity they notice. Employees can also conduct self-audits with SecOps’ guidance to assess their risk level.
Prevention of insider threats relies on a few key aspects. Here are some best practices to prevent threats:
The low-hanging fruit in security is establishing strong authentication methods and defining clear password practices. Enforce strong, unique passwords, and ensure users must change them regularly. Multifactor authentication (MFA) will protect your network and systems if a user ID or password is stolen or compromised.
Granted, bad actors have to start somewhere, so screening and background checks do not eliminate every threat. Still, it’s helpful to have processes in place to screen new hires, so you know to whom you’re granting access to your systems. Depending on the nature of the relationship, this best practice may also apply to third-party partners, contractors, and vendors.
This may seem obvious to some, yet it’s often overlooked. Each user or user group in your organization should have clearly defined roles and access privileges relevant to their needs. For example, your valuable data is left on the table if entry-level employees have carte blanche across your network. Ensure roles and access levels are well-defined and upheld.
Most organizations have a clear and structured onboarding process for registering and bringing users online. Your onboarding process should include clear guidelines for network usage, an understanding of what will happen in the case of a data compromise (deliberate or accidental), where to report issues, and other security measures.
Just as important – if not more – as onboarding is the offboarding process. Languishing user accounts pose a major security risk as they lay theoretically dormant and unmonitored, and no user in the organization will notice if their account is being used. Ensure swift decommissioning of user accounts when employees leave the organization.
Apply strict access controls to all physical and digital access points across your organization. Use least privileged access to limit accessibility, as recommended above. Opt for stronger verification measures, including PKI cards or biometrics, particularly in more sensitive business areas. Secure desktops and install gateways to protect your environment from nodes to the perimeter.
Security requires everyone’s participation, yet organizations need buy-in from key leadership team members and nominated people or a team to hold the reigns. Establishing a governance team and well-defined procedures will ensure attention to security risks at all times and save valuable time should a breach occur.
“Organizations must be able to address the risks from malicious insiders who intentionally steal sensitive data for personal reasons as well as users who can accidentally expose information due to negligence or simple mistakes.”
Thankfully, you don’t have to do it all alone. With a data-aware insider threat protection solution, you can rest with the peace of mind that you – and your network – are safe.
bzip3-1.3.0-1.el8
This release fixes a memory heap corruption.
bzip3-1.3.0-1.fc36
This release fixes a memory heap corruption.