Cross-Site Request Forgery (CSRF) vulnerability in Soflyy Oxygen Builder plugin <=Â 4.4 versions.
Daily Archives: October 3, 2023
Hacking Gas Pumps via Bluetooth
Turns out pumps at gas stations are controlled via Bluetooth, and that the connections are insecure. No details in the article, but it seems that it’s easy to take control of the pump and have it dispense gas without requiring payment.
It’s a complicated crime to monetize, though. You need to sell access to the gas pump to others.
oneVPL-2023.3.1-1.fc38 oneVPL-intel-gpu-23.3.4-2.fc38
FEDORA-2023-b6aab4f954
Packages in this update:
oneVPL-2023.3.1-1.fc38
oneVPL-intel-gpu-23.3.4-2.fc38
Update description:
Update oneVPL and oneVPL-intel-gpu to latest releases. Fixes CVE-2023-22338 and CVE-2023-22840. No ABI changes.
oneVPL-2023.3.1-1.fc37 oneVPL-intel-gpu-23.3.4-2.fc37
FEDORA-2023-760e5eb2c6
Packages in this update:
oneVPL-2023.3.1-1.fc37
oneVPL-intel-gpu-23.3.4-2.fc37
Update description:
Update oneVPL and oneVPL-intel-gpu to latest releases. Fixes CVE-2023-22338 and CVE-2023-22840. No ABI changes.
oneVPL-2023.3.1-1.fc39 oneVPL-intel-gpu-23.3.4-2.fc39
FEDORA-2023-ea65146fd4
Packages in this update:
oneVPL-2023.3.1-1.fc39
oneVPL-intel-gpu-23.3.4-2.fc39
Update description:
Update oneVPL and oneVPL-intel-gpu to latest releases. Fixes CVE-2023-22338 and CVE-2023-22840. No ABI changes.
oneVPL-2023.3.1-1.el9
FEDORA-EPEL-2023-ae01c7c775
Packages in this update:
oneVPL-2023.3.1-1.el9
Update description:
Update oneVPL and oneVPL-intel-gpu to latest releases. Fixes CVE-2023-22338 and CVE-2023-22840. No ABI changes.
Strengthening Cybersecurity for small and medium-sized businesses: The importance of Security Orchestration, Automation, and Response (SOAR)
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.
Introduction:
In today’s increasingly complex threat landscape, small and medium-sized businesses (SMBs) face significant challenges in protecting their assets and reputation from cyber threats. We will explore the benefits of SOAR, its role in enhancing security operations, and its ability to mitigate risks, streamline incident response, and protect valuable business assets.
The rising cybersecurity challenge for SMBs:
SMBs often encounter resource constraints, limited budgets, and a shortage of skilled cybersecurity professionals. Cybercriminals recognize these vulnerabilities and actively target SMBs, seeking to exploit weaknesses in their security defenses. A successful cyber-attack can lead to financial losses, reputational damage, and even business disruption. It is crucial for SMBs to adopt robust cybersecurity strategies that enable efficient incident detection, response, and mitigation.
Enter SOAR: Streamlining security operations:
SOAR platforms empower SMBs to automate and orchestrate their security operations, bringing together people, processes, and technology to enhance their cybersecurity posture. The following are key reasons why SOAR is vital for SMBs:
Improved threat detection and response
SOAR enables the integration of various security tools, centralizing security events and alerts in a single console. By automating the analysis and correlation of these alerts, SMBs can detect and respond to potential threats in real-time. With SOAR, security teams can efficiently investigate incidents, triage alerts, and orchestrate response actions, reducing response times and minimizing the impact of security incidents.
Enhanced efficiency and resource optimization
SMBs often face resource limitations, making it challenging to maintain round-the-clock security monitoring and response capabilities. SOAR helps alleviate this burden by automating routine and repetitive tasks, freeing up security personnel to focus on more strategic activities. By streamlining workflows, SOAR enhances operational efficiency and optimizes resource utilization, even with limited staff and budgets.
Effective incident response and mitigation
SOAR platforms enable SMBs to develop standardized and automated incident response playbooks. These playbooks define predefined response actions based on the type and severity of security incidents. With automated incident response, SMBs can rapidly contain threats, mitigate risks, and minimize the potential damage caused by cyber-attacks. This capability is crucial in preventing breaches from escalating and safeguarding business assets.
Scalability and adaptability
SMBs often experience growth and evolving security needs. SOAR provides scalability by integrating with a wide range of security tools and technologies. As the SMB expands, the SOAR platform can accommodate new systems and adapt to changing security requirements, ensuring ongoing protection and flexibility.
Regulatory compliance and reporting
SMBs operating in regulated industries must meet specific compliance requirements. SOAR platforms simplify compliance management by automating data collection, generating audit reports, and ensuring adherence to industry regulations. This capability enables SMBs to demonstrate compliance and streamline their reporting processes, saving valuable time and effort.
Conclusion:
In the face of escalating cyber threats, SMBs must prioritize their cybersecurity defenses. Security Orchestration, Automation, and Response (SOAR) offers SMBs a comprehensive and proactive approach to protect their assets and reputation. By integrating security tools, automating workflows, and streamlining incident response, SOAR empowers SMBs to detect, respond to, and mitigate cyber threats effectively. Embracing SOAR technology allows SMBs to maximize their limited resources, optimize operational efficiency, and maintain a strong cybersecurity posture, ensuring their long-term success and resilience in the digital landscape.
The authors of this blog are from Vertek Corporation, a Master AT&T Cybersecurity USM Anywhere MSSP.
USN-6405-1: Thunderbird vulnerabilities
Multiple security issues were discovered in Thunderbird. If a user were
tricked into opening a specially crafted website in a browsing context, an
attacker could potentially exploit these to cause a denial of service,
obtain sensitive information, bypass security restrictions, cross-site
tracing, or execute arbitrary code. (CVE-2023-4057, CVE-2023-4577,
CVE-2023-4578, CVE-2023-4583, CVE-2023-4585, CVE-2023-5169, CVE-2023-5171,
CVE-2023-5176)
Andrew McCreight discovered that Thunderbird did not properly manage during
the worker lifecycle. An attacker could potentially exploit this issue to
cause a denial of service. (CVE-2023-3600)
Harveer Singh discovered that Thunderbird did not store push notifications
in private browsing mode in encrypted form. An attacker could potentially
exploit this issue to obtain sensitive information. (CVE-2023-4580)
Clément Lecigne discovered that Thunderbird did not properly manage memory
when handling VP8 media stream. An attacker-controlled VP8 media stream
could lead to a heap buffer overflow in the content process, resulting in a
denial of service, or possibly execute arbitrary code. (CVE-2023-5217)