Security Leftovers
-
Security updates for Tuesday [LWN.net]
Security updates have been issued by Debian (curl, python-werkzeug, and spip), Fedora (curl), Mageia (apache-commons-fileupload, apr, c-ares, clamav, git, gnutls, ipython, jupyter-core, php, postgresql, python-cryptography, python-jupyterlab, python-twisted, sofia-sip, and sox), Red Hat (git, httpd, kernel, kernel-rt, kpatch-patch, lua, openssl, pcs, php, python-setuptools, python3.9, systemd, tar, vim, and zlib), SUSE (libxslt, php8, postgresql15, python3, tpm2-0-tss, and ucode-intel), and Ubuntu (curl, mplayer, openjdk-17, openjdk-19, openjdk-lts, openjdk-8, python3.9, and ruby-rack).
-
Cisco Patches Critical Vulnerability in IP Phones
Cisco has released patches for a critical remote code execution vulnerability in certain IP phones.
-
Biden’s Cybersecurity Strategy Assigns Responsibility to Tech Firms [Ed: Another form of bailout, in effect passing taxpayers' money to rich people in the name of national security; sometimes those firms are in fact the culprits and cause of the security problems. e.g. Microsoft]
The policy document urges more mandates on the firms that control most of the nation’s digital infrastructure, and an expanded government role to disrupt hackers and state-sponsored entities.
-
Advanced Container Security: Auto-Benchmarking, Pentesting, XDR and More
Container security refers to the set of practices, tools and technologies used to secure containerized applications and the underlying infrastructure they run on.
-
Home Assistant Let’s Encrypt Add-on – how to get the newly obtained cert used?
I have the Let's Encrypt Add-on configured for my Home Assistant logon. I got it to renew. I see the cert is stored at /data/letsencrypt/live/hass.example.org/fullchain.pem. But I don't see the directory in my terminal session for Home Assistant. It's as if I should just give up and use an Nginx proxy instead.
-
BlackLotus Bootkit Can Target Fully Patched Windows 11 Systems [Ed: Microsoft Windows TCO again]
ESET says the BlackLotus UEFI bootkit can bypass secure boot on fully updated Windows 11 systems.
-
Critical Vulnerabilities Allowed Booking.com Account Takeover
Booking.com recently patched several vulnerabilities that could have been exploited to take control of a user’s account.
-
Canadian Bookstore Chain Indigo Says Employee Data Stolen in Ransomware Attack
Canadian bookstore chain Indigo this week confirmed that employee data was stolen in a ransomware attack last month.
-
Information of European Hotel Chain’s Customers Found on Unprotected Server
The personal information of many customers of European hotel chain Falkensteiner was discovered by a researcher on an unprotected server.