On Friday, September 23rd, 2022, Sophos disclosed a critical code injection vulnerability impacting Sophos Firewall. This vulnerability, assigned CVE-2022-3236, affects Sophos Firewall versions v19.0 MR1 (19.0.1) and older and could lead to remote code execution. In order for a threat actor to exploit this vulnerability, WAN access would need to be enabled for the Webadmin and User Portal consoles.

Today in a technology-driven business world, network security is an utmost priority for all businesses, especially for those dealing with sensitive data. More so, in an organization that works in a hybrid environment wherein information and critical data are accessed remotely, the need for securing such data and network is important. This has led to a paradigm shift in the approach of establishing a robust security program and security implementations within the organization.

Rusty Cumpston and Jon Geater saw an opportunity to solve a huge supply chain trust problem and were inspired to build RKVST (pronounced as “archivist”), a platform aiming to bring integrity, transparency, and trust to digital supply chains. RKVST enables all partners in the supply chain to collaborate and work with a single source of truth, which can be helpful for tracking nuclear waste, storing historical flight data to optimize aircraft flight plans, and much more.

APIs provide rapid and scalable applications for banking, payments, and other businesses that require identity verification for AML and KYC compliance. In most countries, some firms are obliged by law to comply with AML and KYC. When such firms authenticate their consumers, APIs may provide a faster, simpler, and less expensive way to comply while fulfilling speed, security, and privacy demands.

With an average of 500 components in an application, it’s difficult to know what’s in your software. The right security tools and expertise are here to help. A software Bill of Materials (SBOM) is an inventory of what makes up a software application: the “ingredients list” of everything in it. There’s pressure today for companies to make SBOM information available, and it has implications for who is liable when there are issues in the software.

A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24. Its been a bad time for Rackspace, or should I say, their customers. All round it seems as the outage was more than just a system fault.

OV stands for Organization Validation, and EV stands for Extended Validation. To obtain these certificates, developers, development companies, and publishers have to fulfill a basic set of requirements. This includes furnishing the required documents, including physical address proof, telephone number, and legal documents of company creation. In addition to this, depending on the type of code signing certificate you need, the requirements can change further.

All software has bugs, and some can be difficult to find or reproduce. However, not all approaches to bug-finding need to be difficult to use! Fuzzing is an undeniably effective approach to finding security issues and bugs in software projects, however, tools can be complex to set up and execute. CI Fuzz CLI (open-source), automates the parts that make fuzzing complex, giving its users the look and feel of a unit test.

During my time as a cybersecurity admin, I had the authority to decide what was going to be done, but I didn’t have the access to configure or install my own software. To make matters worse, despite having authority over the implementation, I was also held accountable for failures but again, without the necessary access to fix issues. This created a lot of tension between myself and the teams I relied upon to handle implementation details.