Reviews site claims firm has ignored its enforcement action
DSA-5075 minetest – security update
Several vulnerabilities have been discovered in Minetest, a sandbox video game
and game creation system. These issues may allow attackers to manipulate game
mods and grant them an unfair advantage over other players. These flaws could
also be abused for a denial of service attack against a Minetest server. If
user input is passed directly to minetest.deserialize without serializing it
first, a malicious user could run Lua code in the server environment.
DSA-5074 thunderbird – security update
Multiple security issues were discovered in Thunderbird, which could
result in denial of service or the execution of arbitrary code.
DSA-5073 expat – security update
Several vulnerabilities have been discovered in Expat, an XML parsing C
library, which could result in denial of service or potentially the
execution of arbitrary code, if a malformed XML file is processed.
Friday Squid Blogging: Climate Change Causing “Squid Bloom” along Pacific Coast
The oceans are warmer, which means more squid.
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
New Magnet Forensics app automates, coordinates cybersecurity response
A slow response to a data breach or other cybersecurity incident can cost companies time and money, as well as damage to their reputation. To help companies accelerate their response to cybersecurity incidents, Magnet Forensics is offering a new application, Magnet Automate Enterprise, designed to automatically trigger investigations into security breaches and synchronize incident detection and response tasks by third-party tools.
Magnet Forensics has a track record for developing investigation software for the processing of evidence from computers, mobile devices, IoT devices and cloud services, and has had a strong user base among law enforcement and government agencies. The new software is geared specifically for enterprises, allowing them to recover evidence of security incidents from corporate networks and remote endpoints.
Prison for Nintendo Pirate
Games giant thanks US authorities for securing 3-year prison term for Team-Xecuter leader
Marketing Firm Exposes Lead Data
Cybersecurity researchers find PII of millions of people in unsecured Amazon S3 Bucket
Immediata Agrees $1.125m Data Breach Settlement
Software company agrees to settle class action lawsuit filed by victims of 2019 security breach
Major SAP vulnerability requires urgent patch to prevent HTTP request smuggling attacks
Security researchers, enterprise software maker SAP, and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) have issued warnings over a critical vulnerability affecting Internet Communication Manager (ICM), a core component of SAP business applications that enables HTTPS communications. Tracked as CVE-2022-22536, the vulnerability allows attackers to use malformed packets to trick SAP servers into exposing sensitive data without needing to authenticate, according to Onapsis Research Labs. A security patch is available and organizations are urged to update as soon as possible.