Sophos – Page 78 – PossibleThreat Articles

Security Sophos

JavaScript bugs aplenty in Node.js ecosystem – found automatically

August 30, 2022 0 Comments bug-hunting, CVE, JavaScript, vulnerability

Credit to Author: Paul Ducklin| Date: Tue, 30 Aug 2022 16:59:14 +0000

How to get the better of bugs in all the possible packages in your supply chain?

Security Sophos

LastPass source code breach – do we still recommend password managers?

August 29, 2022 0 Comments breach, data loss, lastpass, password manager

Credit to Author: Paul Ducklin| Date: Mon, 29 Aug 2022 16:59:25 +0000

What does the recent LastPass breach mean for password managers? Just a bump in the road, or a reason to ditch them entirely?

Security Sophos

Breaching airgap security: using your phone’s gyroscope as a microphone

August 29, 2022 0 Comments airgap, ben gurion, ben-gurion university, data leakage, data loss, gairoscope, vulnerability

Credit to Author: Paul Ducklin| Date: Wed, 24 Aug 2022 18:59:07 +0000

One bit per second makes the Voyager probe data rate seem blindingly fast. But it’s enough to break your security assumptions…

Security Sophos

Firefox 104 is out – no critical bugs, but update anyway

August 26, 2022 0 Comments firefox, Mozilla, Patch, vulnerability

Credit to Author: Paul Ducklin| Date: Fri, 26 Aug 2022 16:27:08 +0000

Two trust-spoofing bugs were the main culprits this month – but neither one was a zero-day.

Security Sophos

S3 Ep97: Did your iPhone get pwned? How would you know? [Audio + Text]

August 25, 2022 0 Comments Apple, chrome, Crypto, cryptocurrency, Denial of Service, DOS, Edge, Google, iPhone, Microsoft, Naked Security Podcast, Podcast, r&b, vulnerability, zero day

Credit to Author: Paul Ducklin| Date: Thu, 25 Aug 2022 15:37:51 +0000

Latest episode – listen now! (Or read the transcript if you prefer the text version.)

Security Sophos

An open-source ML toolkit for automatically generating YARA rules

August 25, 2022 0 Comments ai research, free tools, incident response tools, open-source, threat hunting tools, yara, yaraml

Credit to Author: gallagherseanm| Date: Thu, 25 Aug 2022 11:00:35 +0000

The SophosAI Artificial Intelligence team has developed a machine-learning based tool that generates YARA rules for detecting specific types of threats

Security Sophos

Breaching airgap security: using your phone’s compass as a microphone!

August 24, 2022 0 Comments airgap, ben gurion, ben-gurion university, data leakage, data loss, gairoscope, vulnerability

Credit to Author: Paul Ducklin| Date: Wed, 24 Aug 2022 16:59:07 +0000

One bit per second makes the Voyager probe data rate seem blindingly fast. But it’s enough to break your security assumptions…

Security Sophos

Bitcoin ATMs leeched by attackers who created fake admin accounts

August 23, 2022 0 Comments atm, btc, Crypto, cryptocurrency, general bytes, phantom withdrawal, vulnerability

Credit to Author: Paul Ducklin| Date: Tue, 23 Aug 2022 15:35:37 +0000

The criminals didn’t implant any malware. The attack was orchestrated via malevolent configuration changes.

Security Sophos

Laptop denial-of-service via music: the 1980s R&B song with a CVE!

August 22, 2022 0 Comments chen, cve-2022-38392, janet jackson, music, raymond chen, resonance, vulnerability

Credit to Author: Paul Ducklin| Date: Mon, 22 Aug 2022 16:03:07 +0000

We haven’t validated this vuln ourselves… but the source of the story is impeccable. (Impeccably dressed, at least.)

Security Sophos

The importance of zero trust network access (ZTNA) in healthcare

August 22, 2022 0 Comments healthcare, products & services, solutions, sophos ztna, ztna

Credit to Author: Doug Aamoth| Date: Mon, 22 Aug 2022 12:10:23 +0000

With perimeter boundaries quickly blurring thanks to remote care and telehealth, the implicit trust placed in perimeter-centric security makes healthcare dangerously vulnerable.