chromium-119.0.6045.159-1.fc37

Read Time:13 Second

FEDORA-2023-442c049c3c

Packages in this update:

chromium-119.0.6045.159-1.fc37

Update description:

update to 119.0.6045.159, upstream security release

High CVE-2023-5997, use after free in Garbage Collection
High CVE-2023-6112, use after free in Navigation

Read More

chromium-119.0.6045.159-1.el9

Read Time:55 Second

FEDORA-EPEL-2023-03f6b44faf

Packages in this update:

chromium-119.0.6045.159-1.el9

Update description:

update to 119.0.6045.159, upstream security release

High CVE-2023-5997, use after free in Garbage Collection
High CVE-2023-6112, use after free in Navigation

update to 119.0.6045.123. Security fix for CVE-2023-5996

update to 119.0.6045.105. Security fixes:

High CVE-2023-5480: Inappropriate implementation in Payments.
High CVE-2023-5482: Insufficient data validation in USB.
High CVE-2023-5849: Integer overflow in USB.
Medium CVE-2023-5850: Incorrect security UI in Downloads.
Medium CVE-2023-5851: Inappropriate implementation in Downloads.
Medium CVE-2023-5852: Use after free in Printing.
Medium CVE-2023-5853: Incorrect security UI in Downloads.
Medium CVE-2023-5854: Use after free in Profiles.
Medium CVE-2023-5855: Use after free in Reading Mode.
Medium CVE-2023-5856: Use after free in Side Panel.
Medium CVE-2023-5857: Inappropriate implementation in Downloads.
Low CVE-2023-5858: Inappropriate implementation in WebApp Provider.
Low CVE-2023-5859: Incorrect security UI in Picture In Picture.

Read More

chromium-119.0.6045.159-1.fc38

Read Time:16 Second

FEDORA-2023-5b46676afa

Packages in this update:

chromium-119.0.6045.159-1.fc38

Update description:

update to 119.0.6045.159, upstream security release

High CVE-2023-5997, use after free in Garbage Collection
High CVE-2023-6112, use after free in Navigation

Fix bz#2240127, audio/video decode issue in chromium

Read More

chromium-119.0.6045.159-1.fc39

Read Time:16 Second

FEDORA-2023-9425bb0115

Packages in this update:

chromium-119.0.6045.159-1.fc39

Update description:

update to 119.0.6045.159, upstream security release

High CVE-2023-5997, use after free in Garbage Collection
High CVE-2023-6112, use after free in Navigation

Fix bz#2240127, audio/video decode issue in chromium

Read More

Ransomware Gang Files SEC Complaint

Read Time:36 Second

A ransomware gang, annoyed at not being paid, filed an SEC complaint against its victim for not disclosing its security breach within the required four days.

This is over the top, but is just another example of the extreme pressure ransomware gangs put on companies after seizing their data. Gangs are now going through the data, looking for particularly important or embarrassing pieces of data to threaten executives with exposing. I have heard stories of executives’ families being threatened, of consensual porn being identified (people regularly mix work and personal email) and exposed, and of victims’ customers and partners being directly contacted. Ransoms are in the millions, and gangs do their best to ensure that the pressure to pay is intense.

Read More

AT&T announces creation of standalone managed Cybersecurity services business

Read Time:1 Minute, 9 Second

On November 17, 2023 AT&T announced the creation of a new managed security services business backed by WillJam Ventures. Press release here.

Businesses of all types and sizes want to, and need to focus on innovation, growth, and transformation strategies. Meanwhile, the complexity of managing the evolving cybersecurity landscape continues to expand. Adversaries are determined, well-funded, and on a mission to disrupt businesses of all types and sizes.

As this complexity continues to mount, the task of operating internal security operations centers (SOCs) often becomes difficult for a business to manage. Organizations face staffing shortages, professional burnout, rising costs, and struggle to keep ahead of the unrelenting cyber risks.

To help tame complexity, many organizations are engaging with managed security services. This is exactly the venture’s mission – to help simplify security. It will help manage the risk while our clients reap the rewards.

This new venture will help our clients:

Secure their business intelligence through experienced advisors.
Predict their security investments by driving efficiency into security operations.
Mitigate risk and focus on innovation as an experienced and vigilant managed security services provider.

Both AT&T and WillJam Ventures are committed to investing in excellence and serving your security needs as our valued clients. I look forward to sharing more information about these exciting changes in the coming months.

Sundhar Annamalai, President AT&T Cybersecurity

Read More

A Vulnerability in Fortinet FortiSIEM Could Allow for Remote Code Execution

Read Time:26 Second

A vulnerability has been discovered in Fortinet FortiSIEM, which could allow for remote code execution. Successful exploitation of this vulnerability could allow for remote code execution in the context of the affected service account. Depending on the privileges associated with the service account an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Service accounts that are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Read More