Subj : Sophos Virus News
To   : All
From : Daryl Stout
Date : Fri Feb 03 2023 12:20:37

Here is the latest information from the Naked Security Blog from Sophos.
You can go to nakedsecurity.sophos.com to read these. You can also sign
up to have these delivered to your email during the week.

***

OpenSSH fixes double-free memory bug that's pokable over the network

It's a bug fix for a bug fix. A memory leak was turned into a double-free 
that has now been turned into correct code...

***

S3 Ep120: When dud crypto simply won't let go [Audio + Text]

Latest episode - listen now!

***

Password-stealing "vulnerability" reported in KeyPass - bug or feature?

Is it a vulnerability if someone with control over your account can mess 
with files that your account is allowed to access anyway?

***

GitHub code-signing certificates stolen (but will be revoked this week)

There was a breach, so the bad news isn't great, but the good news isn't 
too bad...

***

Serious Security: The Samba logon bug caused by outdated crypto

Enjoy our Serious Security deep dive into this real-world example of 
why cryptographic agility is important!

***
--- SBBSecho 3.15-Win32
 * Origin: The Thunderbolt BBS - Little Rock, Arkansas (454:1/33)

.