USN-6392-1: libppd vulnerability

It was discovered that libppd incorrectly parsed certain Postscript
objects. If a user or automated system were tricked into printing a
specially crafted document, a remote attacker could use this issue to cause
libppd to crash, resulting in a denial of service, or possibly execute
arbitrary code.

USN-6391-1: CUPS vulnerability

It was discovered that CUPS incorrectly parsed certain Postscript objects.
If a user or automated system were tricked into printing a specially
crafted document, a remote attacker could use this issue to cause CUPS to
crash, resulting in a denial of service, or possibly execute arbitrary
code.

CVE-2019-19450

paraparser in ReportLab before 3.5.31 allows remote code execution because start_unichar in paraparser.py evaluates untrusted user input in a unichar element in a crafted XML document with '<unichar code="' followed by arbitrary Python code, a similar issue to CVE-2019-17626.

USN-6390-1: Bind vulnerabilities

It was discovered that Bind incorrectly handled certain control channel
messages. A remote attacker with access to the control channel could
possibly use this issue to cause Bind to crash, resulting in a denial of
service. (CVE-2023-3341)

Robert Story discovered that Bind incorrectly handled certain DNS-over-TLS
queries. A remote attacker could possibly use this issue to cause Bind to
crash, resulting in a denial of service. This issue only affected Ubuntu
22.04 LTS, and Ubuntu 23.04. (CVE-2023-4236)

thunderbird-stable-3820230920095641.1

FEDORA-FLATPAK-2023-ee7c6eb99f

Packages in this update:

thunderbird-stable-3820230920095641.1

Update description:

Update to 102.15.1 ;
https://www.mozilla.org/en-US/security/advisories/mfsa2023-28/ ;
https://www.mozilla.org/en-US/security/advisories/mfsa2023-32/ ;
https://www.mozilla.org/en-US/security/advisories/mfsa2023-37/ ;
https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/ ;
https://www.thunderbird.net/en-US/thunderbird/102.15.0/releasenotes/

CVE-2022-45448

M4 PDF plugin for Prestashop sites, in its 3.2.3 version and before, is vulnerable to an arbitrary HTML Document crafting vulnerability. The resource /m4pdf/pdf.php uses templates to dynamically create documents. In the case that the template does not exist, the application will return a fixed document with a message in mpdf format. An attacker could exploit this vulnerability by inputting a valid HTML/CSS document as the value of the parameter.

Get the AT&T Cybersecurity Insights Report: Focus on Manufacturing

We’re pleased to announce the availability of the 2023 AT&T Cybersecurity Insights Report: Focus on Manufacturing. The report examines the edge ecosystem, surveying manufacturing IT leaders from around the world, and provides benchmarks for assessing your edge computing plans. This is the 12th edition of our vendor-neutral and forward-looking report. Last year’s focus on manufacturing report documented how we secure the data, applications, and endpoints that rely on edge computing (get the 2022 report).

The robust quantitative field survey reached 1,418 security, IT, application development, and line of business professionals worldwide. The qualitative research tapped subject matter experts across the cybersecurity industry. Manufacturing-specific respondents equal 202.

At the onset of our research, we established the following hypotheses.

Momentum edge computing has in the market.
Approaches to connecting and securing the edge ecosystem – including the role of trusted advisors to achieve edge goals.
Perceived risk and perceived benefit of the common use cases in each industry surveyed.

The results focus on common edge use cases in seven vertical industries – healthcare, retail, finance, manufacturing, energy and utilities, transportation, and U.S. SLED – and deliver actionable advice for securing and connecting an edge ecosystem, including external trusted advisors. Finally, it examines cybersecurity and the broader edge ecosystem of networking, service providers, and top use cases.

The role of IT is shifting, embracing stakeholders at the ideation phase of development

Edge computing is a transformative technology that brings together various stakeholders and aligns their interests to drive integrated business outcomes. The emergence of edge computing has been fueled by a generation of visionaries who grew up in the era of smartphones and limitless possibilities. Look at the infographic below for a topline summary of key findings in the manufacturing industry.

In this paradigm, the role of IT has shifted from being the task master to a collaborative partner in delivering innovative edge computing solutions. In addition, we found that manufacturing leaders are budgeting differently for edge use cases. These two things, along with an expanded approach to securing edge computing, were prioritized by our respondents in the 2023 AT&T Cybersecurity Insights Report: Edge Ecosystem.

One of the most promising aspects of edge computing is its potential to effectively use near-real-time data for tighter control of variable operations such as inventory and supply chain management that deliver improved operational efficiency. Adding new endpoints is essential for collecting the data, but how they’re connected can make them vulnerable to cyberattacks. Successful cyberattacks can disrupt services, highlighting the need for robust cybersecurity measures.

Edge computing brings the data closer to where decisions are made

With edge computing, the intelligence required to make decisions, the networks used to capture and transmit data, and the use case management are distributed. Distributed means things work faster because nothing is backhauled to a central processing area such as a data center, which delivers the near-real-time experience.

With this level of complexity, it’s common to re-evaluate decisions regarding security, data storage, or networking. The report shares emerging trends as manufacturing continues exploring edge computing use cases. One area that’s examined is expense allocation, and what we found may surprise you. The research reveals the allocation of investments across overall strategy and planning, network, application, and security for the anticipated use cases that organizations plan to implement within the next three years.

Preparing to secure your manufacturing edge ecosystem.

Develop your edge computing profile. It is essential to break down the barriers that typically separate the internal line of business teams, application development teams, network teams, and security teams. Technology decisions should not be made in isolation but rather through collaboration with line of business partners. Understanding the capabilities and limitations of existing business and technology partners makes it easier to identify gaps in evolving project plans.

The edge ecosystem is expanding, and expertise is available to offer solutions that address cost, implementation, mitigating risks, and more. Including expertise from the broader manufacturing edge ecosystem increases the chances of outstanding performance and alignment with organizational goals.

Develop an investment strategy. During manufacturing edge use case development, organizations should carefully determine where and how much to invest. Think of it as part of monetizing the use case. Building security into the use case from the start allows the organization to consider security as part of the overall cost of goods (COG). It’s important to note that no one-size-fits-all solution can provide complete protection for all aspects of edge computing. Instead, organizations should consider a comprehensive and multi-layered approach to address the unique security challenges of each use case.

Increase your compliance capabilities. Regulations in manufacturing can vary significantly. This underscores the importance of not relying solely on a checkbox approach or conducting annual reviews to help ensure compliance with the growing number of regulations. Keeping up with technology-related mandates and helping to ensure compliance requires ongoing effort and expertise. If navigating compliance requirements is not within your organization’s expertise, seek outside help from professionals specializing in this area.

Align resources with emerging priorities. External collaboration allows organizations to utilize expertise and reduce resource costs. It goes beyond relying solely on internal teams within the organization. It involves tapping into the expanding ecosystem of edge computing experts who offer strategic and practical guidance. Engaging external subject matter experts (SMEs) to enhance decision-making can help prevent costly mistakes and accelerate deployment. These external experts can help optimize use case implementation, ultimately saving time and resources.

Build in resilience. Consider approaching edge computing with a layered mindset. Take the time to ideate on various “what-if” scenarios and anticipate potential challenges. For example, what measures exist if a private 5G network experiences an outage? Can data remain secure when utilizing a public 4G network? How can business-as-usual operations continue in the event of a ransomware attack?

Successful edge computing implementations in the manufacturing industry require a holistic approach encompassing collaboration, compliance, resilience, and adaptability. By considering these factors and proactively engaging with the expertise available, manufacturing will continue to unlock the potential of edge computing to deliver improved operational efficiency, allowing the industry to focus on innovation rather than operations.
