Yearly Archives: 2023

News

5 strategies to manage cybersecurity risks in mergers and acquisitions

Read Time:58 Second

Mergers and acquisitions (M&A) have the potential to introduce significant cybersecurity risks for organizations. M&A teams are generally limited in size and focused on financials and business operations, with IT and cybersecurity taking a back seat early in the process, according to Doug Saylors, partner and co-lead of cybersecurity with global technology research and advisory firm ISG.  “Assumptions about connecting networks, ‘rationalizing’ IT and cybersecurity platforms and staff are generally made with limited knowledge of the actual functions and work performed in each organization,” Saylor says.

A company merging, being acquired, or undergoing any other M&A activity must be able to evaluate security requirements that could affect the business strategy and risks of the future entity, according to a report on cybersecurity in the M&A and due diligence process from Gartner. “This results in an understanding of the state of security in the acquired company (to the extent possible pre-deal) to ensure that there are no rude shocks and in a plan for how to address the integration aspect safely and securely,” the report noted.

To read this article in full, please click here

Read More

News

Darktrace/Email upgrade enhances generative AI email attack defense

Read Time:34 Second

Darktrace has announced a new upgrade to its Darktrace/Email product with enhanced features that defend organizations from evolving cyberthreats including generative AI business email compromise (BEC) and novel social engineering attacks. Among the new capabilities are an AI-employee feedback loop; account takeover protection; insights from endpoint, network, and cloud; and behavioral detections of misdirected emails, the vendor said. The upgrade comes amid growing concern about the ability of generative AI – such as ChatGPT and other large language models (LLMs) – to enhance phishing email attacks and provide an avenue for threat actors to craft more sophisticated and targeted campaigns at speed and scale.

To read this article in full, please click here

Read More

Advisories

USN-5966-3: amanda regression

Read Time:56 Second

USN-5966-1 fixed vulnerabilities in amanda. Unfortunately that update
caused a regression and was reverted in USN-5966-2. This update provides
security fixes for Ubuntu 22.10, Ubuntu 22.04 LTS, Ubuntu 20.04
LTS and Ubuntu 18.04 LTS.

We apologize for the inconvenience.

Original advisory details:

Maher Azzouzi discovered an information disclosure vulnerability in the
calcsize binary within amanda. calcsize is a suid binary owned by root that
could possibly be used by a malicious local attacker to expose sensitive
file system information. (CVE-2022-37703)

Maher Azzouzi discovered a privilege escalation vulnerability in the
rundump binary within amanda. rundump is a suid binary owned by root that
did not perform adequate sanitization of environment variables or
commandline options and could possibly be used by a malicious local
attacker to escalate privileges. (CVE-2022-37704)

Maher Azzouzi discovered a privilege escalation vulnerability in the runtar
binary within amanda. runtar is a suid binary owned by root that did not
perform adequate sanitization of commandline options and could possibly be
used by a malicious local attacker to escalate privileges. (CVE-2022-37705)

Read More

Advisories

ghostwriter-23.03.90-2.fc39

Read Time:25 Second

FEDORA-2023-d1e9e62a92

Packages in this update:

ghostwriter-23.03.90-2.fc39

Update description:

Automatic update for ghostwriter-23.03.90-2.fc39.

Changelog

* Sat Apr 1 2023 Vitaly Zaitsev <vitaly@easycoding.org> – 23.03.90-2
– Switched to Ninja.
– Explicitly set Release configuration.
– Sorted all BuildRequires by name for better readability.
– Updated bundled libraries versions. Fixes rhbz#2128046.
* Fri Mar 31 2023 Marc Deop i Argemí <marcdeop@fedoraproject.org> – 23.03.90-1
– 23.03.90

Read More