US Offers $10m Reward For MOVEit Attackers

State Department wants information on Clop ransomware actors

Finding the Nirvana of information access control or something like it

The recent arrest of US Air Force airman Jack Teixeira following his illegal sharing of classified information just to show off to his buddies shone a spotlight on the conversation surrounding access control. In Teixeira’s case, all the ingredients necessary to protect the classified information were in place, but sadly they appear to have been ignored and abused by Teixeira and his superiors.

In the mythical land of Nirvana, where everything is perfect, CISOs would have all the resources they needed to protect corporate information. The harsh reality, which each CISO experiences on the daily, is that few entities have unlimited resources. Indeed, in many entities when the cost-cutting arrives, it is not unusual for security programs that have not (so far) positioned themselves as a key ingredient in revenue preservation to be thrown by the wayside — if you ever needed motivation to exercise access control to information, there you have it.

8 notable entry-level cybersecurity career and skills initiatives in 2023

The cybersecurity sector has been battling a workforce shortage for years with cybersecurity training and certifications provider (ISC)2 estimating that the global skills gap currently sits at 3.4 million. There are over 600,000 current cyber-related job openings in the US alone, and the supply-to-demand ratio stands at 69%, the lowest it has been since 2010, according to Cyberseek.

Security leaders in organizations large and small often cite hiring and keeping security personnel as one of their biggest challenges, typically exacerbated by outdated, non-productive recruitment strategies. These have all too often put too much emphasis on years of experience or high-level, costly, and difficult-to-achieve security qualifications to demonstrate competency, even for cybersecurity roles deemed entry- or junior-level.

USN-6176-1: PyPDF2 vulnerability

It was discovered that PyPDF2 incorrectly handled certain PDF files. If a
user or automated system were tricked into processing a specially crafted
file, an attacker could possibly use this issue to consume system
resources, resulting in a denial of service.

USN-6167-1: QEMU vulnerabilities

It was discovered that QEMU did not properly manage the guest drivers when
shared buffers are not allocated. A malicious guest driver could use this
issue to cause QEMU to crash, resulting in a denial of service, or possibly
execute arbitrary code. This issue only affected Ubuntu 20.04 LTS, Ubuntu
22.04 LTS and Ubuntu 22.10. (CVE-2022-1050)

It was discovered that QEMU did not properly check the size of the
structure pointed to by the guest physical address pqxl. A malicious guest
attacker could use this issue to cause QEMU to crash, resulting in a denial
of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS,
Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and Ubuntu 22.10.
(CVE-2022-4144)

It was discovered that QEMU did not properly manage memory in the ACPI
Error Record Serialization Table (ERST) device. A malicious guest attacker
could use this issue to cause QEMU to crash, resulting in a denial of
service. This issue only affected Ubuntu 22.10. (CVE-2022-4172)

It was discovered that QEMU did not properly manage memory when DMA memory
writes happen repeatedly in the lsi53c895a device. A malicious guest
attacker could use this issue to cause QEMU to crash, resulting in a denial
of service. (CVE-2023-0330)

chromium-114.0.5735.133-1.el9

FEDORA-EPEL-2023-8f0f0d103a

Packages in this update:

chromium-114.0.5735.133-1.el9

Update description:

Update to 114.0.5735.133. Fixes the following security issues:

CVE-2023-3214, CVE-2023-3215, CVE-2023-3215, CVE-2023-3217,

chromium-114.0.5735.133-1.el8

FEDORA-EPEL-2023-3947e434d2

Packages in this update:

chromium-114.0.5735.133-1.el8

Update description:

Update to 114.0.5735.133. Fixes the following security issues:

CVE-2023-3214, CVE-2023-3215, CVE-2023-3215, CVE-2023-3217,
