Z2U users accused of selling online accounts and malware
Yearly Archives: 2023
bzip3-1.3.0-1.el8
FEDORA-EPEL-2023-b06600ebc7
Packages in this update:
bzip3-1.3.0-1.el8
Update description:
This release fixes a memory heap corruption.
bzip3-1.3.0-1.fc36
FEDORA-2023-3a821e6e73
Packages in this update:
bzip3-1.3.0-1.fc36
Update description:
This release fixes a memory heap corruption.
Let’s pump the brakes on the rush to incorporate AI into cybersecurity
It seems that everyone is rushing to embed artificial intelligence into their solutions, and security offerings are among the latest to obtain this shiny new thing. Like many, I see the potential for AI to help bring about positive change, but also its potential as a threat vector.
To some, recent AI developments are a laughing matter. On April 1, 2023, the traditional day when technology and social media sites love to pull a fast one on us with often elaborate pranks, the Twitter account for the MITRE ATT&CK platform launched the #attackgpt Twitter bot, inviting users to tweet the hashtag #attackgpt to receive an “AI” response to questions about the anti-hacker knowledge base. In reality, it was an April Fools’ prank, with MITRE’s social media team cranking out funny answers in the guise of a chatbot.
Strategic risk analysis is key to ensure customer trust in product, customer-facing app security
CISOs are no longer only responsible for the cybersecurity of systems used internally. In many organizations they also focus on securing products and public-facing applications, and one way to do this well is through risk assessment.
Assessing risk requires identifying baseline security criteria around key elements such as customer contracts and regulatory requirements, Neil Lappage, partner at LeadingEdgeCyber and ISACA member, tells CSO. “From the start, you’ve got things you’re committed to such as requirements in customer contracts and regulatory requirements and you have to work within those parameters. And you need to understand who your interested parties are, the stakes they’ve got in the game, and the security objectives.”
Malicious Spam Campaign Downs npm Registry
ZDI-23-379: G Data Total Security Link Following Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of G Data Total Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
DSA-5381 tomcat9 – security update
Several security vulnerabilities have been discovered in the Tomcat servlet and JSP engine.
DSA-5382 cairosvg – security update
It was reported that cairosvg, an SVG converter based on Cairo, can send requests to external hosts when processing specially crafted SVG files with external file resource loading. An attacker can take advantage of this flaw to perform a server-side request forgery or denial of service. Fetching of external files is disabled by default with this update.
DSA-5383 ghostscript – security update
It was discovered that Ghostscript, the GPL PostScript/PDF interpreter, is prone to a buffer overflow vulnerability in the (T)BCP encoding filters, which could result in the execution of arbitrary code if malformed document files are processed (despite the -dSAFER sandbox being enabled).