chromium-119.0.6045.159-1.fc37
update to 119.0.6045.159, upstream security release
High CVE-2023-5997, use after free in Garbage Collection
High CVE-2023-6112, use after free in Navigation
chromium-119.0.6045.159-1.el9
update to 119.0.6045.159, upstream security release
High CVE-2023-5997, use after free in Garbage Collection
High CVE-2023-6112, use after free in Navigation
update to 119.0.6045.123. Security fix for CVE-2023-5996
update to 119.0.6045.105. Security fixes:
High CVE-2023-5480: Inappropriate implementation in Payments.
High CVE-2023-5482: Insufficient data validation in USB.
High CVE-2023-5849: Integer overflow in USB.
Medium CVE-2023-5850: Incorrect security UI in Downloads.
Medium CVE-2023-5851: Inappropriate implementation in Downloads.
Medium CVE-2023-5852: Use after free in Printing.
Medium CVE-2023-5853: Incorrect security UI in Downloads.
Medium CVE-2023-5854: Use after free in Profiles.
Medium CVE-2023-5855: Use after free in Reading Mode.
Medium CVE-2023-5856: Use after free in Side Panel.
Medium CVE-2023-5857: Inappropriate implementation in Downloads.
Low CVE-2023-5858: Inappropriate implementation in WebApp Provider.
Low CVE-2023-5859: Incorrect security UI in Picture In Picture.
chromium-119.0.6045.159-1.fc38
update to 119.0.6045.159, upstream security release
High CVE-2023-5997, use after free in Garbage Collection
High CVE-2023-6112, use after free in Navigation
Fix bz#2240127, audio/video decode issue in chromium
chromium-119.0.6045.159-1.fc39
update to 119.0.6045.159, upstream security release
High CVE-2023-5997, use after free in Garbage Collection
High CVE-2023-6112, use after free in Navigation
Fix bz#2240127, audio/video decode issue in chromium
python-asyncssh-2.14.1-1.fc39
Security fix for CVE-2023-46446 and CVE-2023-46445
A ransomware gang, annoyed at not being paid, filed an SEC complaint against its victim for not disclosing its security breach within the required four days.
This is over the top, but is just another example of the extreme pressure ransomware gangs put on companies after seizing their data. Gangs are now going through the data, looking for particularly important or embarrassing pieces of data to threaten executives with exposing. I have heard stories of executives’ families being threatened, of consensual porn being identified (people regularly mix work and personal email) and exposed, and of victims’ customers and partners being directly contacted. Ransoms are in the millions, and gangs do their best to ensure that the pressure to pay is intense.
On November 17, 2023 AT&T announced the creation of a new managed security services business backed by WillJam Ventures. Press release here.
Businesses of all types and sizes want to, and need to focus on innovation, growth, and transformation strategies. Meanwhile, the complexity of managing the evolving cybersecurity landscape continues to expand. Adversaries are determined, well-funded, and on a mission to disrupt businesses of all types and sizes.
As this complexity continues to mount, the task of operating internal security operations centers (SOCs) often becomes difficult for a business to manage. Organizations face staffing shortages, professional burnout, rising costs, and struggle to keep ahead of the unrelenting cyber risks.
To help tame complexity, many organizations are engaging with managed security services. This is exactly the venture’s mission – to help simplify security. It will help manage the risk while our clients reap the rewards.
This new venture will help our clients:
Secure their business intelligence through experienced advisors.
Predict their security investments by driving efficiency into security operations.
Mitigate risk and focus on innovation as an experienced and vigilant managed security services provider.
Both AT&T and WillJam Ventures are committed to investing in excellence and serving your security needs as our valued clients. I look forward to sharing more information about these exciting changes in the coming months.
Sundhar Annamalai, President AT&T Cybersecurity
A vulnerability has been discovered in Fortinet FortiSIEM, which could allow for remote code execution. Successful exploitation of this vulnerability could allow for remote code execution in the context of the affected service account. Depending on the privileges associated with the service account an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Service accounts that are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Check Point Research say these latest luxury brand scams are a wake-up call for shoppers to stay vigilant online
