Subj : Sophos Virus News
To   : All
From : Daryl Stout
Date : Wed Jan 11 2023 12:43:12

Here is the latest information from the Naked Security Blog from Sophos.
You can go to nakedsecurity.sophos.com to read these. You can also sign
up to have these delivered to your email during the week.

***

Microsoft Patch Tuesday: One 0-day; Win 7 and 8.1 get last-ever patches

Get 'em while they're hot. And get 'em for the very last time, if you 
still have Windows 7 or 8.1...

***

Popular JWT cloud security library patches "remote" code execution hole

It's remotely triggerable, but attackers would already have pretty deep 
network access if they could "prime" your server for compromise. 

***

CircleCI -- code-building service suffers total credential compromise

They're saying "rotate secrets"... in plain English, they mean "change 
your credentials". The company has a tool to help you find them all. 

***

RSA crypto cracked? Or perhaps not!

Stand down from blue alert, it seems...but why not plan your cryptographic 
agility anyway? 

***

S3 Ep116: Last straw for LastPass? Is crypto doomed? [Audio + Text]

Lots of big issues this week: breaches, encryption, supply chains and 
patching problems. Listen now! (Full transcript inside.) 

***
--- SBBSecho 3.15-Win32
 * Origin: The Thunderbolt BBS - Little Rock, Arkansas (454:1/33)

.