This is a work-in-progress blog post. It will be updated when more information is available. For more detailed information about the vulnerability, see the How the Critical OpenSSL Vulnerability may affect Popular Container Images blog post. A critical vulnerability in the OpenSSL project, expected to be rated high or critical on the CVSS scale, is about to be announced on November 1st. There are still no details besides an announcement on the OpenSSL mailing list on October 25th.
In February 2021, the Reserve Bank of India published a paper detailing Digital Payment Security Controls (DPSC). The paper was developed to aid Indian financial organisations in protecting digital channels and offering commodities to clients with Identity Verification solutions. Global financial services corporations are caught between the government and clients.
The modern vehicle comes equipped with a variety of software systems. In particular, features that connect it to the outside world, such as online updates, fleet management and communication between vehicles, offer an attack surface. The security of automotive software is crucial, not only because bug-induced recalls are costly, but also because the well-being of passengers depends on it.
The nature of LinkedIn’s professional environment facilitates communication among individuals from various backgrounds across industries. However, threat actors have been known to exploit the business networking platform for malicious aims, including intelligence gathering, identity theft and spear phishing. A number of fake profiles identified on the site have been observed targeting individuals in diverse sectors, particularly those with roles in government, cyber security and education.
A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our Twitter feed at #ionCube24. Ah ha! Something new to combat a valid issue I’m sure many of us who have left a phone at a repair shop had fears over… Will our data on the device be abused? Looks like Samsung has a solution in part.
Meet our partner experts and learn more about how JFrog's Pyrsia project (the decentralized package network) works hard to secure the #softwaresupplychain! Learn more at https://pyrsia.io/.
Have you ever heard the cybersecurity term “dictionary attack”, and wondered what it means? You’re not alone. Here, we’ll break down what a dictionary attack is, and explain what steps you should take to protect yourself from this threat.