SuiteCRM is a free and open source Customer Relationship Management application for servers. This advisory details a PHAR deserialization vulnerability that exists in SuiteCRM which could be leveraged by an authenticated administrator to execute commands on the underlying operating system. This issue has been fixed in release 7.11.19. In PHP, PHAR (PHP Archive) files can be used to package PHP applications and PHP libraries into one archive file.

A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24. With images of all the best spy movies out there, you just can’t help enjoy this one. While its not possible to control the driving of the car, flinging the car doors open at speed might have an interesting effect on the occupants (and allow our spy to gain access of course while swinging from the drone).

FIPS 140-3 is the long-awaited update to FIPS 104-2 which was established on May 25, 2001. This updated validation process is finally capable of addressing the cryptographic modules that have evolved since 2001. This validation process includes testing with respect to certain standards or protocols and then the issuing of an official certificate from NIST (National Institute of Standards and Technology) confirming compliance with FIPS 140-3.

Inherent risks are the cyber risks and vulnerabilities within an organization before security measures are implemented. In contrast, residual risk is calculated after cybersecurity protections have been put in place to protect against all of these inherent risks; its calculation includes every possible attack vector that could affect a system or data.