Security Leftovers
-
Security updates for Wednesday [LWN.net]
Security updates have been issued by Debian (grub2, nginx, and wordpress), Red Hat (389-ds-base, bind, buildah, curl, device-mapper-multipath, dnsmasq, dotnet7.0, dpdk, e2fsprogs, grafana-pcp, harfbuzz, ignition, Image Builder, kernel, keylime, libguestfs, libldb, libtiff, libvirt, logrotate, mingw-zlib, mutt, openjpeg2, podman, poppler, python-lxml, qt5, rsync, runc, samba, skopeo, toolbox, unbound, virt-v2v, wavpack, webkit2gtk3, xorg-x11-server, xorg-x11-server-Xwayland, and yajl), SUSE (389-ds, bluez, dhcp, freerdp, jackson-databind, kernel, LibVNCServer, libX11, nodejs12, nodejs16, php7, php8, python-Mako, python-Twisted, python310, sudo, systemd, and xen), and Ubuntu (mako).
-
CISA and FBI Release Advisory on Iranian Government-Sponsored APT Actors Compromising Federal Network | CISA [Ed: VMware (proprietary) exploited]
Today, CISA and the Federal Bureau of Investigation (FBI) published a joint Cybersecurity Advisory (CSA), Iranian Government-Sponsored APT Actors Compromise Federal Network, Deploy Crypto Miner, Credential Harvester.
-
El Salvador’s Pegasus spyware case left uninvestigated ten months later - Global Voices
Ten months ago, in January 2022, Access Now and the Citizen Lab confirmed that several journalists were targeted with the use of NSO Group’s Pegasus spyware on a massive scale in El Salvador. At least, the mobile phones of 35 journalists from six media outlets (El Faro, GatoEncerrado, La Prensa Grafica, Revista Digital Disruptiva and El Diario de Hoy) were infected by this spyware between July 2020 and November 2021.
Amnesty International Security Lab reviewed the report and verified forensic evidence on the use of Pegasus spyware against Salvadoran journalists. Erika Guevara-Rosas, Americas director at Amnesty International, said that “the use of Pegasus for the surveillance of communications in El Salvador reveals a new threat to human rights in the country. The authorities must stop any efforts to restrict freedom of expression, and conduct a thorough and impartial investigation to identify those responsible.” But president Nayib Bukele’s government has denied its responsibility and showed not results or signs of a full investigation of this case of espionage.