Subj : Sophos Virus News
To   : All
From : Daryl Stout
Date : Fri Jul 08 2022 13:19:28

Here is the latest information from the Naked Security Blog from Sophos.
You can go to nakedsecurity.sophos.com to read these. You can also sign
up to have these delivered to your email during the week.

***

Apache "Commons Configuration" patches Log4Shell-style bug - what you need
to know.

It's a bit like Log4J, but for configuration files, not for logging.

***

S3 Ep90: Chrome 0-day again, True Cybercrime, and a 2FA bypass
[Podcast + Transcript]

Listen now! Or read, if you prefer.

***

OpenSSL fixes two "one liner" crypto bugs - what you need to know.

"As bad as Heartbleed"? We heard that concern a week ago, but we think
it's less ungood than that.

***

Google patches "in-the-wild" Chrome zero-day - update now!

Running Chrome? Do the "Help-About-Update" dance move right now, just to
be sure.

***

Canadian cybercriminal pleads guilty to "NetWalker" attacks in US.

Bust in Canada, now bust in the USA as well.

***
--- SBBSecho 3.15-Win32
 * Origin: The Thunderbolt BBS - Little Rock, Arkansas (454:1/33)

.