Subj : Sophos Virus News
To   : All
From : Daryl Stout
Date : Tue Jul 12 2022 12:21:49

Here is the latest information from the Naked Security Blog from Sophos.
You can go to nakedsecurity.sophos.com to read these. You can also sign
up to have these delivered to your email during the week.

***

Paying ransomware crooks won't reduce your legal risk, warns regulator

"We paid the crooks to keep things under control and made a bad thing
better"...isn't a valid excuse. Who knew??

***

That didn't last! Microsoft turns off the Office security it just turned on.

An Office anti-malware setting that took more than 20 years to arrive...
and fewer than 20 weeks to vanish again.

***

Apache "Commons Configuration" patches Log4Shell-style bug - what you need
to know.

It's a bit like Log4J, but for configuration files, not for logging.

***

S3 Ep90: Chrome 0-day again, True Cybercrime, and a 2FA bypass
[Podcast + Transcript]

Listen now! Or read, if you prefer.

***

OpenSSL fixes two "one liner" crypto bugs - what you need to know.

"As bad as Heartbleed"? We heard that concern a week ago, but we think
it's less ungood than that.

***
--- SBBSecho 3.15-Win32
 * Origin: The Thunderbolt BBS - Little Rock, Arkansas (454:1/33)

.