Security Leftovers
-
Security updates for Wednesday [LWN.net]
Security updates have been issued by Debian (exiv2, hsqldb, libjettison-java, ruby-sinatra, and viewvc), Fedora (golang-github-docker, mbedtls, and vim), Gentoo (alpine, commons-text, jupyter_core, liblouis, mbedtls, ntfs3g, protobuf-java, scikit-learn, and twisted), Red Hat (kernel and kpatch-patch), SUSE (rubygem-activerecord-5.2, tiff, and webkit2gtk3), and Ubuntu (dotnet6, linux-azure-5.4, linux-azure-fde, linux-gcp, linux-oracle, linux-ibm, and linux-oem-5.17, linux-oem-6.0).
-
Google Kickstarts 2023 With 17 Chrome Security Vulnerability Updates For Windows, Mac & Linux [Ed: Microsoft's longtime propagandist Davey Winder trying to shift attention away from Microsoft's back doors, as usual (he can't help himself, revealing his Redmond handlers)]
-
Everything to Know About Passkeys for a Password-Free Future | Wirecutter
Usernames and passwords may soon be going away. Passkeys will replace them.
-
PyTorch Poisoned in Software Supply Chain Attack - The New Stack
If you downloaded PyTorch-nightly on Linux via pip between Dec. 25, 2022, and Dec. 30, 2022, you’ve got trouble.
-
NCSC-UK Releases Guidance on Using MSP for Administering Cloud Services [Ed: But their site does not even work without proprietary JS!]
The United Kingdom’s National Cyber Security Centre (NCSC-UK) has released a blog post, Using MSPs to administer your cloud services, that provides organizations security considerations for using a third party, such as a managed service provider (MSP), to administer cloud services. Contracting with an MSP for cloud service management has become an increasingly appealing option for organizations.