FEDORA-EPEL-2023-a1ed86449c
Packages in this update:
syncthing-1.23.5-1.el9
Update description:
Update to version 1.23.5. Addresses CVE-2022-46165.
syncthing-1.23.5-1.el9
Update to version 1.23.5. Addresses CVE-2022-46165.
syncthing-1.23.5-1.fc37
Update to version 1.23.5. Addresses CVE-2022-46165.
syncthing-1.23.5-1.fc38
Update to version 1.23.5. Addresses CVE-2022-46165.
New paper: “Lessons Lost: Incident Response in the Age of Cyber Insurance and Breach Attorneys“:
Abstract: Incident Response (IR) allows victim firms to detect, contain, and recover from security incidents. It should also help the wider community avoid similar attacks in the future. In pursuit of these goals, technical practitioners are increasingly influenced by stakeholders like cyber insurers and lawyers. This paper explores these impacts via a multi-stage, mixed methods research design that involved 69 expert interviews, data on commercial relationships, and an online validation workshop. The first stage of our study established 11 stylized facts that describe how cyber insurance sends work to a small numbers of IR firms, drives down the fee paid, and appoints lawyers to direct technical investigators. The second stage showed that lawyers when directing incident response often: introduce legalistic contractual and communication steps that slow-down incident response; advise IR practitioners not to write down remediation steps or to produce formal reports; and restrict access to any documents produced.
So, we’re not able to learn from these breaches because the attorneys are limiting what information becomes public. This is where we think about shielding companies from liability in exchange for making breach data public. It’s the sort of thing we do for airplane disasters.
perl-HTML-StripScripts-1.06-22.fc37
Fixes CVE-2023-24038
perl-HTML-StripScripts-1.06-22.fc38
Fixes CVE-2023-24038
perl-HTML-StripScripts-1.06-22.el9
Fixes CVE-2023-24038
perl-HTML-StripScripts-1.06-22.el7
Fixes CVE-2023-24038
perl-HTML-StripScripts-1.06-22.el8
Fixes CVE-2023-24038
Bitdefender has uncovered a hidden malware campaign living undetected on mobile devices worldwide for more than six months. The campaign is designed to push adware to Android devices with the purpose of driving revenue.
“However, the threat actors involved can easily switch tactics to redirect users to other types of malware, such as banking trojans to steal credentials and financial information or ransomware,” Bitdefender said in a blog.