Matthew Green wrote a really good blog post on what Telegram’s encryption is and is not.
Daily Archives: August 28, 2024
mingw-python3-3.11.9-2.fc39
FEDORA-2024-7008b2fedf
Packages in this update:
mingw-python3-3.11.9-2.fc39
Update description:
Add patch for CVE-2024-8088.
Update to python-3.11.9. Backport fix for CVE-2024-6923.
mingw-python3-3.11.9-2.fc40
FEDORA-2024-3d656dafe1
Packages in this update:
mingw-python3-3.11.9-2.fc40
Update description:
Add patch for CVE-2024-8088.
Update to python-3.11.9. Backport fix for CVE-2024-6923.
python3.9-3.9.19-6.fc42
FEDORA-2024-0cf8baac55
Packages in this update:
python3.9-3.9.19-6.fc42
Update description:
Automatic update for python3.9-3.9.19-6.fc42.
Changelog
* Fri Aug 23 2024 Charalampos Stratakis <cstratak@redhat.com> - 3.9.19-6
- Security fix for CVE-2024-8088
- Fixes: rhbz#2307466
2024 Cyber Resilience Research: Aligning Retail Cybersecurity with Business Priorities
New data illuminates how retail leaders can prioritize resilience.
In today’s retail environment, businesses embrace dynamic computing and other technological innovations to enhance operations and customer experiences. However, as these advancements accelerate, so does the risk of cyber threats.
The 2024 LevelBlue Retail Report reveals a significant challenge for retail leaders: aligning cybersecurity strategies with broader business objectives to ensure a resilient future, especially in securing the increasingly complex supply chain.
Dynamic Computing: Opportunity and Risk
Dynamic computing offers retail businesses unparalleled opportunities to innovate and gain a competitive edge. By processing data closer to the source, retailers can develop groundbreaking services, optimize their supply chains, and deliver more personalized customer experiences. According to the report, 86% of retail executives anticipate that dynamic computing will improve operational performance within the next three years.
However, this optimism comes with a cautionary note—82% of retail respondents also acknowledge that these innovations increase their exposure to cyber risks, particularly within the supply chain. As retail operations become more interconnected and reliant on advanced technologies, the potential for cyber attacks grows, making robust cybersecurity strategies more critical than ever. The complexity of modern supply chains, with their numerous vendors and touchpoints, only amplifies the risk, as each link in the chain could be a potential vulnerability.
The Misalignment Between Business and IT
Despite the clear risks associated with technological innovation, there remains a troubling disconnect between business objectives and IT priorities in the retail sector. The report highlights that while business leaders are eager to drive innovation, they often overlook the need to integrate cybersecurity into their strategic planning. This misalignment leaves organizations vulnerable, particularly in their supply chains, as cybersecurity measures are frequently treated as afterthoughts rather than integral components of business success.
One of the most striking findings in the report is that 83% of retail executives do not view cyber resilience as a whole-organization priority. Instead, it is often siloed within IT departments, with limited engagement from other parts of the business. This fragmented approach undermines the effectiveness of cybersecurity efforts and exposes the organization, especially its supply chain, to greater risks.
Strategies for Alignment
To bridge the gap between business objectives and IT priorities, retail leaders must adopt a more integrated approach to cybersecurity, with a particular focus on the supply chain. Here are some key strategies to consider:
1. Proactive Risk Management: Retail executives must involve IT and cybersecurity teams in the early stages of strategic planning. By doing so, they can anticipate potential risks in the supply chain and develop proactive measures to mitigate them rather than reacting to threats after they occur.
2. Cross-Departmental Collaboration: Breaking down silos between IT, supply chain management, and other business units is essential for aligning cybersecurity with business goals. Regular communication and collaboration across departments can ensure that cybersecurity is considered in all business decisions, particularly those affecting the supply chain.
3. Prioritizing Cyber Resilience: Cyber resilience should be recognized as a critical business imperative, not just an IT concern. By elevating its importance within the organization, retail leaders can secure the necessary resources and support to build a more resilient operation, including a secure supply chain.
4. Leveraging External Expertise: Given the complexity of today’s cyber threats, retail organizations should not hesitate to seek external guidance. Engaging with cybersecurity experts can provide valuable insights and help strengthen internal capabilities, particularly in securing vulnerable supply chain links.
As retail businesses continue to innovate, the need for robust cybersecurity strategies becomes increasingly urgent, especially in securing the supply chain. The 2024 LevelBlue Retail Report underscores the importance of aligning cybersecurity efforts with broader business objectives to ensure a resilient and secure future. By adopting a more integrated approach, retail leaders can protect their organizations and supply chains from emerging threats while continuing to drive forward with innovative solutions.
The stakes have never been higher in a world where dynamic computing and technological innovation are transforming retail. Retail leaders must prioritize cyber resilience as a foundational element of their business strategy, with a strong emphasis on securing the supply chain.
Download the 2024 LevelBlue Futures Report for Retail to explore these insights and more.
Money Laundering Dominates UK Fraud Cases
KPMG research finds money laundering accounted for the majority of fraud cases heard in the first half of 2024
University criticised for using Ebola outbreak lure in phishing test
A phishing exercise conducted by the IT department of the University of California Santa Cruz (UCSC) has backfired, after causing unnecessary panic amongst students and staff.
Read more in my article on the Hot for Security blog.
South Korean Spies Exploit WPS Office Zero-Day
ESET uncovers a South Korean cyber-espionage campaign featuring a zero-day exploit for WPS Office
Versa Director Dangerous File Type Upload Vulnerability (CVE-2024-39717)
What is the Vulnerability?
The Versa Director GUI contains a zero-day dangerous file type upload vulnerability (CVE-2024-39717) that allows attackers to upload potentially malicious files, granting them system administrator access. This flaw affects the “Change Favicon” (Favorite Icon) option, which can be misused to upload a malicious file ending with a .png extension to masquerade as an image file. The Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2024-39717 to its “Known Exploited Vulnerabilities” list.
What is the recommended Mitigation?
Versa Networks has released a patch to address this vulnerability and has mentioned in their advisory that the vulnerability has already been exploited by an Advanced Persistent Threat actor.
What FortiGuard Coverage is available?
FortiGuard Labs recommends that users apply the patches released by the vendor to secure their systems and follow their system hardening guidelines.
FortiGuard Labs has blocked known malware used in the campaign related to the Versa Director Dangerous File Type Upload Vulnerability.
Java/CVE_2024_39717.A!exploit
The FortiGuard Incident Response team can be engaged to help with any suspected compromise.
FortiGuard Labs is further investigating to provide protections and will update this Threat Signal Report with more information once it becomes available.