It’s 5:05, on Friday, November 25, 2022. There are only 36 days remaining in this year. This is Pokie Huang, sitting in for Mark Miller while he is in London. This is your daily update of open source and cybersecurity news. We have 20 reporters calling in from around the world. Today’s reports come from Olimpiu Pop in Romania, Edwin Kwan in Australia, Trac Bannon in Pennsylvania and Mark Miller in the UK.
Let’s get to it!
🇷🇴 Olimpiu Pop, Transylvania, Romania
Upgrade Chrome to 107
https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_24.html
https://nvd.nist.gov/vuln/detail/CVE-2022-4135
https://thehackernews.com/2022/11/update-chrome-browser-now-to-patch-new.html
🇦🇺 Edwin Kwan, Sydney, Australia
Medibank Breach Data Inaccuracies
https://www.smh.com.au/business/companies/medibank-s-main-customers-not-affected-in-hacker-data-leaks-20221123-p5c0ox.html
🇺🇸 Tracy (Trac) Bannon, Camp Hill, Pennsylvania
SBOM, Firmware, and Supply Chain Risk
https://thehackernews.com/2022/11/dell-hp-and-lenovo-devices-found-using.html
Full report:
https://www.binarly.io/posts/OpenSSL_Usage_in_UEFI_Firmware_Exposes_Weakness_in_SBOMs/index.html
Additional resources: https://www.tianocore.org/
🇬🇧 Mark Miller, New York City
ENISA Healthcare Sector Cybersecurity Report
CSIRT Capabilities in Healthcare Sector
https://www.enisa.europa.eu/publications/csirt-capabilities-in-healthcare-sector
Full report:
https://www.enisa.europa.eu/publications/csirt-capabilities-in-healthcare-sector/@@download/fullReport