From an average of one cybersecurity expert for 1285 employees in 2023, large organizations now have one for every 1086 employees, according to Wavestone
Monthly Archives: June 2024
James Bamford on Section 702 Extension
Longtime NSA-watcher James Bamford has a long article on the reauthorization of Section 702 of the Foreign Intelligence Surveillance Act (FISA).
Google Thwarts Over 10,000 Attempts by Chinese Influence Operator
Google warned of high levels of activity from Chinese influence operator Dragon Bridge, which is increasingly experimenting with generative AI tools to create content
Post Title
There’s some possibly good news on the ransomware front.
Companies are becoming more resilient to attacks, and the ransom payments extorted from businesses by hackers are on a downward trend.
Read more in my article on the Tripwire State of Security blog.
USN-6855-1: libcdio vulnerability
Mansour Gashasbi discovered that libcdio incorrectly handled certain
memory operations when parsing an ISO file, leading to a buffer overflow
vulnerability. An attacker could use this to cause a denial of service
or possibly execute arbitrary code.
GLSA 202406-06: GStreamer, GStreamer Plugins: Multiple Vulnerabilities
Keep the Cloud Secure with CIS after Migrating to the Cloud
Want to stay secure after migrating to the cloud? Download our white paper to learn how three resources from the Center for Internet Security can help.
CISOs Reveal Firms Prioritize Savings Over Long-Term Security
The data from Bugcrowd also reveals 40% of them think most firms don’t understand breach risks
USN-5615-3: SQLite vulnerability
USN-5615-1 fixed several vulnerabilities in SQLite. This update provides
the corresponding fix for CVE-2020-35525 for Ubuntu 14.04 LTS.
Original advisory details:
It was discovered that SQLite incorrectly handled INTERSEC query
processing. An attacker could use this issue to cause SQLite to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2020-35525)
It was discovered that SQLite incorrectly handled ALTER TABLE for views
that have a nested FROM clause. An attacker could use this issue to cause
SQLite to crash, resulting in a denial of service, or possibly execute
arbitrary code. This issue was only addressed in Ubuntu 20.04 LTS.
(CVE-2020-35527)
It was discovered that SQLite incorrectly handled embedded null characters
when tokenizing certain unicode strings. This issue could result in
incorrect results. This issue only affected Ubuntu 20.04 LTS.
(CVE-2021-20223)
Operation First Light Seizes $257m in Global Scam Bust
The operation, orchestrated by Interpol, resulted in the arrest of 3950 suspects