USN-6028-2: libxml2 vulnerabilities


USN-6028-1 fixed vulnerabilities in libxml2. This update provides the
corresponding updates for Ubuntu 23.04.

Original advisory details:

It was discovered that libxml2 incorrectly handled certain XML files.
An attacker could possibly use this issue to cause a crash.
(CVE-2022-2309)

It was discovered that libxml2 incorrectly handled certain XML files.
An attacker could possibly use this issue to cause a crash or execute
arbitrary code. (CVE-2023-28484)

It was discovered that libxml2 incorrectly handled certain XML files.
An attacker could possibly use this issue to cause a crash.
(CVE-2023-29469)


How can small businesses ensure Cybersecurity?


The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.

Small businesses are more vulnerable to cyber-attacks since hackers view them as easy victims to target. While this may seem unlikely, statistics reveal that more than half of these businesses experienced some form of cyber-attack in 2022. It’s also reported that state-sponsored threat actors are diversifying their tactics and shifting their focus toward smaller enterprises.

Cyber-attacks against small-sized businesses do not always make headlines, but they have potentially catastrophic impacts. These attacks can result in significant financial and data loss, sometimes shutting down the business. Therefore, it’s crucial that small businesses make cybersecurity a top priority.

What drives more cybersecurity attacks on small businesses?

Small businesses are on the target list of hackers mainly because they focus less on security. On average, SMBs and small businesses allocate 5%-20% of their total budget to security. Additionally, human mistakes are the root cause of 82% of cyber breaches in organizations. Cybercriminals take advantage of this weak security infrastructure and exploit the behavior of careless employees to launch insider threats and other cyber-attacks successfully.

A report reveals various cyber-attacks that often target small businesses, such as malware, phishing, data breaches, and ransomware attacks. Also, small businesses are vulnerable to malware, brute-force attacks, ransomware, and social attacks and may not survive one incident.

The influx of remote working culture has added new challenges and cybersecurity risks for small businesses. This culture has given rise to a large number of personal devices like mobile phones, laptops, and tablets that can easily access sensitive information. Many employees don’t undergo regular scans of their phones and laptops for potential vulnerabilities.

In addition, few companies can provide access to password management software or VPNs to protect their internet connection and credentials and maintain security on rogue Wi-Fi networks. Statistics also reveal that only 17% of small businesses encrypt their data, which is alarming.

Moreover, small businesses are at a higher risk of being attacked because they have limited resources to respond to cyber-attacks. Unlike large organizations, they don’t have a dedicated IT team with exceptional skills and experience to deal with complex cyber-attacks. They also have a limited budget to spend on effective cybersecurity measures. Hence they don’t invest in advanced cybersecurity solutions or hire professionals to manage their cybersecurity.

Impacts of a Cybersecurity attack on small businesses

Cyber-attacks on small businesses can result in severe consequences – like financial loss, reputational damage, legal ramifications, and disruptions in operations. Below is a closer look at the effects of a potential cyber-attack on small businesses:

Loss of money

A cyber-attack may cause small businesses to lose billions of dollars. A report predicted that the attacks on small businesses will cost the global economy $10.5 trillion by 2025. Also, the average data breach cost to small businesses increased to $2.98 million in 2021, and these figures will likely increase with time. Sometimes small businesses will need to pay to compensate customers, investigate the attack, or implement additional security measures – all of which add up to more financial costs.

Reputational damage

A possible cyber-attack can also damage the business’s reputation and erode customers’ trust. Suppose a customer’s, partner’s, or supplier’s sensitive data gets exposed to attackers. In that case, it negatively affects the company’s reputation. This might cause them to lose valuable clients, which can also lead to the unexpected closure of the business. According to the National Cybersecurity Alliance, 60% of small and mid-size companies get shut down within six months of falling victim to a cyber-attack. It might take a lot of time and effort to restore client trust and the organization’s reputation.

Disruptions in operations

Small businesses often face operational disruption after a cyber-attack. They may experience downtime or lose access to critical business data – which leads to lost opportunities and delays in operations. This negatively impacts your business as you fail to meet customer demands.

Legal ramifications

Small organizations are also subject to various industry and legal regulations like GDPR, HIPAA, and CCPA to maintain data privacy. A cyber-attack resulting in valuable data loss ultimately triggers regulatory penalties. As a result, small businesses may face lawsuits and hefty fines for non-compliance, further adding financial strain. A Small Business Association Office of Advocacy report finds that the cost of lawsuits for small firms ranges from $3,000 to $150,000. Therefore, protecting the clients’ data is better than facing compliance issues.

Actionable Cybersecurity tips for small businesses

With 51% of small businesses having limited cybersecurity measures, adopting preventive measures to protect networks and employees from malicious threat actors is crucial. Some of the best practices that you, as an owner of a small business, can exercise to reduce the attack surface include:

Educate employees by providing regular training sessions and conducting awareness programs about cyber-attacks like phishing, malware, or social engineering techniques. Ensure that the employees at all levels understand the risks and learn how to detect and respond to these attacks.
Create a comprehensive cybersecurity policy outlining the employees’ guidelines, best practices, and responsibilities regarding data protection, password management, incident reporting, and acceptable use of technology.
With the rise of remote and hybrid working culture, it’s crucial to ensure that all remote workers use online security tools like a virtual private network (VPN). It maintains data safety and privacy and enables the workers to access the company’s resources safely.
Deploy a regular data backup strategy to prevent data loss due to phishing or ransomware attacks. Store the backups offline or within secure cloud storage to ensure they are not easily accessible by attackers.
Regularly monitor and assess systems using inexpensive security tools to detect and respond to threats in real time. Conduct regular security assessments, vulnerability scans, or penetration testing to identify potential vulnerabilities within the system and address them promptly.
Creating an incident response plan (IRP) helps small businesses prevent cyber-attacks by providing a structured approach to detect, respond, and mitigate security incidents. It outlines roles, procedures, and protocols – enabling effective action to minimize damage, protect data, and restore operations, ultimately strengthening the business’s cybersecurity defenses.

These are some of the effective steps that small businesses and start-ups can take to reduce the likelihood of a data breach or decrease the negative impact when an attack occurs.

Final thoughts

Small businesses face many cybersecurity threats and challenges that can affect their reputation and make it difficult to run their business successfully. The best way to ensure a healthy cybersecurity culture is to deploy a successful security awareness and training program. This assures employees are well aware of the threats and how to respond at the right time. To sum up, by prioritizing cybersecurity and adopting proactive measures, small businesses can safeguard their digital assets and mitigate potential threats in today’s increasingly interconnected world.


10 security tool categories needed to shore up software supply chain security


As security leaders progress in their establishment of software supply chain security programs, they face a good news-bad news situation with the tools available to them — literally: the technology is rapidly advancing for good and for bad.

The good news of the rapidly advancing software supply chain security technology is that the brisk pace of innovation provides increasing opportunities to gain greater visibility and transparency into the vast array of components and code that feed into software portfolios.

The bad news, however, is that experimentation and innovation are going in many different directions at the same time and the tools landscape is a confusing mash-up of new and evolving category acronyms and niche products.


php-8.1.20-1.fc37


FEDORA-2023-2b7eeaaee5

Packages in this update:

php-8.1.20-1.fc37

Update description:

PHP version 8.1.20 (08 Jun 2023)

Core:

Fixed bug GH-9068 (Conditional jump or move depends on uninitialised value(s)). (nielsdos)
Fixed bug GH-11189 (Exceeding memory limit in zend_hash_do_resize leaves the array in an invalid state). (Bob)
Fixed bug GH-11222 (foreach by-ref may jump over keys during a rehash). (Bob)

Date:

Fixed bug GH-11281 (DateTimeZone::getName() does not include seconds in offset). (nielsdos)

Exif:

Fixed bug GH-10834 (exif_read_data() cannot read smaller stream wrapper chunk sizes). (nielsdos)

FPM:

Fixed bug GH-10461 (PHP-FPM segfault due to after free usage of child->ev_std(out|err)). (Jakub Zelenka)
Fixed bug php#64539 (FPM status page: query_string not properly JSON encoded). (Jakub Zelenka)
Fixed memory leak for invalid primary script file handle. (Jakub Zelenka)

Hash:

Fixed bug GH-11180 (hash_file() appears to be restricted to 3 arguments). (nielsdos)

LibXML:

Fixed bug GH-11160 (Few tests failed building with new libxml 2.11.0). (nielsdos)

Opcache:

Fixed bug GH-11134 (Incorrect match default branch optimization). (ilutov)
Fixed too wide OR and AND range inference. (nielsdos)
Fixed bug GH-11245 (In some specific cases SWITCH with one default statement will cause segfault). (nielsdos)

PGSQL:

Fixed parameter parsing of pg_lo_export(). (kocsismate)

Phar:

Fixed bug GH-11099 (Generating phar.php during cross-compile can’t be done). (peter279k)

Soap:

Fixed bug GHSA-76gg-c692-v2mw (Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP). (nielsdos, timwolla)
Fixed bug GH-8426 (make test fail while soap extension build). (nielsdos)

SPL:

Fixed bug GH-11178 (Segmentation fault in spl_array_it_get_current_data (PHP 8.1.18)). (nielsdos)

Standard:

Fixed bug GH-11138 (move_uploaded_file() emits open_basedir warning for source file). (ilutov)
Fixed bug GH-11274 (POST/PATCH request switches to GET after a HTTP 308 redirect). (nielsdos)

Streams:

Fixed bug GH-10031 ([Stream] STREAM_NOTIFY_PROGRESS over HTTP emitted irregularly for last chunk of data). (nielsdos)
Fixed bug GH-11175 (Stream Socket Timeout). (nielsdos)
Fixed bug GH-11177 (ASAN UndefinedBehaviorSanitizer when timeout = -1 passed to stream_socket_accept/stream_socket_client). (nielsdos)


USN-6144-1: LibreOffice vulnerabilities


It was discovered that LibreOffice did not properly validate the number of
parameters passed to the formula interpreter, leading to an array index
underflow attack. If a user were tricked into opening a specially crafted
spreadsheet file, an attacker could possibly use this issue to execute
arbitrary code. (CVE-2023-0950)

Amel Bouziane-Leblond discovered that LibreOffice did not prompt the user
before loading the host document inside an IFrame. If a user were tricked
into opening a specially crafted input file, an attacker could possibly use
this issue to cause information disclosure or execute arbitrary code.
(CVE-2023-2255)
