python3.13-3.13.0~rc1-2.fc41

Read Time:19 Second

FEDORA-2024-9fe1974c0f

Packages in this update:

python3.13-3.13.0~rc1-2.fc41

Update description:

Automatic update for python3.13-3.13.0~rc1-2.fc41.

Changelog

* Tue Aug 6 2024 Miro Hrončok <mhroncok@redhat.com> – 3.13.0~rc1-2
– Fix SystemError in PyEval_GetLocals()
– Fixes: rhbz#2303107
– Security fix for CVE-2024-6923
– Fixes: rhbz#2303160

Read More

Problems with Georgia’s Voter Registration Portal

Read Time:43 Second

It’s possible to cancel other people’s voter registration:

On Friday, four days after Georgia Democrats began warning that bad actors could abuse the state’s new online portal for canceling voter registrations, the Secretary of State’s Office acknowledged to ProPublica that it had identified multiple such attempts…

…the portal suffered at least two security glitches that briefly exposed voters’ dates of birth, the last four digits of their Social Security numbers and their full driver’s license numbers—the exact information needed to cancel others’ voter registrations.

I get that this is a hard problem to solve. We want the portal to be easy for people to use—even non-tech-savvy people—and hard for fraudsters to abuse, and it turns out to be impossible to do both without an overarching digital identity infrastructure. But Georgia is making it easy.

Read More

Data Reveals Unaligned Leadership: Business, IT, and Cybersecurity Don’t Share Priorities – But They Should!

Read Time:4 Minute, 9 Second

In the rapidly evolving cybersecurity landscape, alignment between business priorities, IT, and cybersecurity strategies is crucial for organizational resilience.

However, the 2024 LevelBlue Executive Accelerator, based on the 2024 LevelBlue Futures Report, reveals a significant disconnect among technology-related C-suite executives—CIOs, CTOs, and CISOs. This disconnect highlights how their divergent roles and priorities can lead to misalignment with broader business objectives. More importantly, it underscores a critical issue: the lack of strategic alignment between executive leadership outside of tech and the crucial IT and cybersecurity domains.

The Distinct Roles and Priorities of CIOs, CTOs, and CISOs

• Chief Information Officers (CIOs): Strategic Planners and Risk Managers

CIOs primarily focus on strategic planning, risk management, and ensuring that technology aligns with overall business goals. They are responsible for comprehensive risk assessments and integrating these insights into strategic decision-making.

According to our data, 92% of CIOs are willing to embrace uncertainty concerning cyber threats, reflecting their broad perspective on risk management and strategic planning. This willingness to consider potential threats allows CIOs to craft robust frameworks to anticipate and mitigate risks, providing a sense of reassurance and confidence in their strategic planning abilities.

• Chief Technology Officers (CTOs): Innovators and Compliance Balancers

CTOs, on the other hand, are centered on technological development and innovation. Their primary concern is to drive the organization forward by adopting new technologies that keep the company competitive. However, this drive for innovation often comes with a significant concern for regulatory compliance.

Our data shows that 73% of CTOs are concerned about regulations hindering competitiveness, a figure much higher than that of their CIO and CISO counterparts. This concern indicates that CTOs frequently find themselves balancing the need for innovation with the necessity of adhering to compliance standards. This balancing act can sometimes create friction with other C-suite roles, particularly when rapid technological advancements are prioritized over established security protocols.

• Chief Information Security Officers (CISOs): Operational Security and Proactive Measures

CISOs are tasked with the practical implementation of security measures and the proactive management of emerging threats. They are the front-line defenders of the organization’s cybersecurity posture, focusing on operational security.

The data shows that CISOs are significantly more likely to feel that cybersecurity has become unwieldy, with 73% expressing concerns over the necessity of tradeoffs. Moreover, 66% of CISOs feel a lack of proactive measures due to reactive budgets, indicating their struggle to secure forward-looking investments in cybersecurity. This operational focus often puts CISOs at odds with both CIOs and CTOs, whose broader strategic or innovative priorities may not always align with the immediate security needs identified by CISOs.

Download the LevelBlue CSuite Accelerator today! 

The Misalignment with Broader Business Objectives

The divergence in priorities among CIOs, CTOs, and CISOs points to a broader issue: the misalignment of IT and cybersecurity priorities with overarching business goals. Executive leadership outside of the tech domain often does not fully grasp the intricate balance that needs to be maintained between strategic planning, technological innovation, and operational security.

This lack of alignment can lead to several issues:

Fragmented Communication and Goals: Without a unified strategic direction, each executive role may pursue isolated goals, leading to fragmented communication and inefficiencies. For instance, while the CIO might be pushing for comprehensive risk management strategies, the CTO’s focus on rapid innovation and the CISO’s emphasis on operational security might not be fully aligned, causing a disjointed approach to cybersecurity.

Inconsistent Budget Allocations: Proactive cybersecurity investments often require significant budget allocations, which can be challenging to secure without clear strategic alignment. The CISO’s need for proactive measures may be deprioritized in favor of the CIO’s and CTO’s broader or more immediate initiatives, leading to a reactive rather than proactive security posture.

Regulatory and Compliance Challenges: CTOs’ concerns about compliance hindering innovation highlight the need for a balanced approach that does not compromise security. However, ensuring that innovation complies with regulatory standards can become challenging without strategic alignment, potentially exposing the organization to compliance risks.

Bridging the Gap: First Steps for Strategic Alignment for Cyber Resilience

To address these issues, it is imperative that executive leadership, including those outside the tech domain, align their strategies with IT and cybersecurity priorities. This can be achieved through:

1. Enhanced communication and collaboration with regular and structured communication between CIOs, CTOs, CISOs, and other executive leaders can ensure everyone is on the same page regarding strategic objectives and priorities.

2. Integrated strategic planning means incorporating cybersecurity and IT priorities into the broader business strategy (and priorities) to ensure that all aspects of the organization move towards a common goal.

3. Proactive investment in cybersecurity, by recognizing the critical role of proactive measures, can help secure necessary budget allocations, ensuring that the organization is prepared for emerging threats.

Organizations can bridge the gap between business, IT, and cybersecurity priorities by fostering strategic alignment, ensuring a resilient and secure future. We can help. Interested in learning more about how? Contact us. 

Read More

Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution

Read Time:28 Second

Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Read More