David Schwörer discovered that Python incorrectly handled certain inputs.
An attacker could possibly use this issue to expose sensitive information.
This issue only affected Ubuntu 18.04 LTS. (CVE-2021-3426)
It was discovered that Python incorrectly handled certain FTP requests.
An attacker could possibly use this issue to expose sensitive information.
This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, and Ubuntu 18.04 LTS.
(CVE-2021-4189)
It was discovered that Python incorrectly handled certain inputs.
An attacker could possibly use this issue to execute arbitrary code.
(CVE-2022-0391)
I love this time of year, with March Madness excitement in the air and my Notre Dame Fighting Irish still in the tournament (as of the writing of this column)! More importantly – yes, more importantly – I love monitoring the 538 March Madness prediction website to see how the chances of winning change through the days, after games, and even within their 40 minutes of activity.
I like doing this because it is a better representation of how cybersecurity risk works than the way we typically think in our field. So, we can watch – even in real-time – how the chances of success (winning the game, moving on to the next round) and failure (losing) change with the variables during the game and the context outside of them (other games). As I watch those probabilities change – sometimes swinging wildly — I think of how cybersecurity-related risk changes in a similar manner, with the real-time activity in our computing environments – sessions, messages, transactions, flows, etc. — being established or sent.
Blame it on pandemic fatigue, remote work or just too much information, but employees appear to be lowering their guard when it comes to detecting social engineering tricks. Attackers were more successful with their social engineering schemes last year than they were a year earlier, according to Proofpoint. More than 80% of organizations suffered a successful email-based phishing attack in 2021, according to a survey of 3,500 professionals. That’s a 46% jump from 2020.
“So many people, especially today with all the distractions and noise of the world, are on autopilot – just going through the motions,” says Kevin Beaver, principal consultant at security firm Principle Logic. “Their subconscious mind has taken over making what are often critical decisions. The bad guys know they have the upper hand.”
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Simcenter Femap. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
Multiple vulnerabilities have been discovered in the freeware Advanced
Audio Decoder, which may result in denial of service or potentially the
execution of arbitrary code if malformed media files are processed.
