Buffer Overflow vulnerability in Avast AntiVirus before v.19.7 allows a local attacker to cause a denial of service via a crafted request to the aswSnx.sys driver.
Daily Archives: July 11, 2023
yajl-2.1.0-21.fc37
FEDORA-2023-852b377773
Packages in this update:
yajl-2.1.0-21.fc37
Update description:
Security fix for memory leak(s) leading to denial of service (CVE-2023-33460).
Security fix for integer overflow leading to heap corruption (CVE-2022-24795).
yajl-2.1.0-21.fc38
FEDORA-2023-00572178e1
Packages in this update:
yajl-2.1.0-21.fc38
Update description:
Security fix for memory leak(s) leading to denial of service (CVE-2023-33460).
Security fix for integer overflow leading to heap corruption (CVE-2022-24795).
Privacy of Printing Services
The Washington Post has an article about popular printing services, and whether or not they read your documents and mine the data when you use them for printing:
Ideally, printing services should avoid storing the content of your files, or at least delete daily. Print services should also communicate clearly upfront what information they’re collecting and why. Some services, like the New York Public Library and PrintWithMe, do both.
Others dodged our questions about what data they collect, how long they store it and whom they share it with. Some—including Canon, FedEx and Staples—declined to answer basic questions about their privacy practices.
How social media compromises information security
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.
Today’s companies operate in a complex security environment. On the one hand, the threat landscape is growing. Bad actors are becoming more and more refined as they get access to new tools (like AI) and offerings (like hacking-as-a-service). On the other hand, companies are dealing with more sensitive data than ever before. This has prompted consumers and regulators alike to demand better security practices.
To top it all off, companies are operating in an increasingly decentralized digital model. Gone are the days of firewalls. Employees want to be able to access work from anywhere, and on their own networks and devices. This has heightened the prevalence of insider threats, making it much easier for employees to inadvertently (or intentionally) share corporate data with others.
One way that insider threats have become particularly problematic is through social media. In this article, we’re taking a closer look at how social media can compromise data security for organizations — and what they can do to address this concern.
The challenge with social media
Depending on the platform, social media encourages users to share information about their life and experiences in varying degrees. When it comes to employees, social media can easily be a channel to discuss work-related topics, whether that’s sharing excitement about an upcoming product feature, posting a photo of a company event, or even sharing sensitive information with a colleague via private chat features. This degree of sharing — both of personal and corporate information — can pose a number of challenges for businesses.
For starters, there’s a risk of accidentally sharing information. An employee could post a picture of their desk on Instagram to show off their lunch for the day or the view from their office and forget to blur the sensitive information on their computer screen. Alternatively, a software developer might seek out peers on a Reddit forum to try and solve a particular issue with their code, and inadvertently share proprietary code when asking for help.
Some social media channels also allow for a certain degree of anonymity. A disgruntled employee could take to Twitter or Reddit and make corporate secrets widely available to competitors or regulators.
On the other side of the equation, cybercriminals use social media platforms as resources for their attacks. These bad actors understand that people are prone to sharing information, so they access public profiles to try and glean useful information that can then be used for sophisticated social engineering attacks. In addition, they can use the likes of LinkedIn to map out an organizational structure, get access to corporate email addresses, and even identify when core individuals are on vacation. They can also review an individual’s follower or contact list, create a fake account for someone at the company who’s not on the list, and encourage the employee to share sensitive information.
All of these challenges can put a business at risk of sophisticated threats including phishing and other forms of social engineering, brand impersonation aimed at tricking customers, data theft, and even large-scale data breaches. Despite the potential impact of a social media leak, it’s notoriously difficult for companies to control the egress of data through these platforms. That said, below are some of the things companies can proactively do to mitigate these threats.
Staying ahead of social media threats
Businesses can’t dictate what their employees say on their personal social media accounts — that’s a given. That said, they can educate their users on the dangers of disclosing too much information and the best ways to protect their data, credentials, and corporate details. This can be done through onboarding training, gamified security weeks where employees are given challenges to identify and act out security best practices, as well as lunch and learns dedicated to security.
For companies that provide their employees with mobile devices, there’s also an opportunity to set clear expectations around what can and cannot be posted from a corporate device. They can also encourage individuals to change their phone passwords often, and to use a password manager for their social accounts.
There are also services and technologies that can help here. For example, companies can hire social media scanning services to identify fraudulent accounts and flag them to employees. In addition, a comprehensive data loss prevention tool can be instrumental in identifying when sensitive data has been exposed and kickstarting an immediate response.
Evolving with the times
When it comes to maintaining robust security measures, companies have a responsibility to keep up with cultural shifts and the adoption of new platforms. Security practitioners need to be continually aware of any new threat vectors, incorporating new measures and policies as needed and keeping up with best practices. This is why having a robust, comprehensive, and iterative cybersecurity strategy — one that accounts for both insider and external threats — is more important than ever.
Moroccan Charged With OpenSea NFT and Crypto Theft
Individual allegedly used phishing website to harvest victim credentials
Man Charged With Remote Attack on Water Plant
E-commerce Fraud Surges By Over 50% Annually
sysstat-12.6.2-2.fc37
FEDORA-2023-4706cef256
Packages in this update:
sysstat-12.6.2-2.fc37
Update description:
Security fix for CVE-2023-33204
USN-6215-1: dwarves vulnerabilities
It was discovered that dwarves incorrectly handled certain memory
operations under certain circumstances. An attacker could possibly use this
issue to cause dwarves to crash, resulting in a denial of service, or
possibly execute arbitrary code. (CVE-2022-3534, CVE-2022-3606)