Subj : Sophos Virus News
To   : All
From : Daryl Stout
Date : Thu Sep 01 2022 12:18:00

Here is the latest information from the Naked Security Blog from Sophos.
You can go to nakedsecurity.sophos.com to read these. You can also sign
up to have these delivered to your email during the week.

***

S3 Ep98: The LastPass saga - should we stop using password managers? 
[Audio + Text]

Latest episode - listen now!

***	

URGENT! Apple slips out zero-day update for older iPhones and iPads

Patch as soon as you can - that recent WebKit zero-day affecting new 
iPhones and iPads is apparently being used against older models, too.

***
	
Chrome patches 24 security holes, enables "Sanitizer" safety system

24 existing bugs fixed. And, we hope, numerous potential future bugs 
prevented.

***

JavaScript bugs aplenty in Node.js ecosystem - found automatically

How to get the better of bugs in all the possible packages in your
supply chain?

***

LastPass source code breach - do we still recommend password managers?

As you no doubt already know, because the story has been all over the 
news and social media recently, the widely-known and widely-used password 
manager LastPass last week reported a security breach. The breach itself 
actually happened two weeks before that, the company said, and involved 
attackers getting into the system where LastPass keeps the source code
of its software.

***

Firefox 104 is out - no critical bugs, but update anyway

Two trust-spoofing bugs were the main culprits this month - but 
neither one was a zero-day.

***
--- SBBSecho 3.15-Win32
 * Origin: The Thunderbolt BBS - Little Rock, Arkansas (454:1/33)

.