Security Leftovers
-
Ubuntu 18.04 Support Is About to End, but Not for Everyone [Ed: Canonical charging money for security patches. "My server got cracked because I was poor and didn't pay billionaire Mark Shuttleworth" may be worse than "I lost my blue tick thing in Twitter because I did not pay Elon Musk". Don't use Ubuntu if it resorts to upselling tactics (proprietary stuff) with security 'ransom' on top (risk breaking things by upgrading or pay us for more patches). "Try GNU/Linux... it's free... but then you need to start paying Mark Shuttleworth or risk breaking your workflow..."]
Ubuntu is still one of the most popular Linux distributions, with a large install base across desktop PCs, servers, and embedded devices. Canonical is about to say goodbye to Ubuntu 18.04, unless you use Ubuntu Pro.
Ubuntu 18.04 LTS, also known as “Bionic Beaver,” will reach the end of its promised five-year support window on May 31, 2023. After that point, it won’t receive critical security updates or updates to most apps in the default software repositories. Flatpak and Snap-based applications may continue to work, since they usually aren’t tied to specific OS releases, but they may start breaking in unexpected ways (if they haven’t already).
Ubuntu 18.04 was released in April 2018, replacing 16.04 as the new Long Term Support (LTS) release. For people upgrading from 16.04 (Canonical recommends most people stick to the LTS versions), it switched from the defunct Unity desktop to GNOME Shell, reworked the login and lock screens, improved the Settings app, and more. Ubuntu 18.04 LTS also served as the base for countless other distributions, including official derivatives like Lubuntu 18.04 and third-party spins like elementary OS 5.0 Juno.
-
Google researchers detail recently discovered campaigns targeting iOS, Android and Chrome [Ed: Spyware company warns us about... Spyware! (That's not its own)]
Google LLC's Threat Analysis Group today revealed the details of two recently discovered campaigns that use various unpatched or "zero-day" exploits against Android, iOS and Chrome. The first campaign was discovered in November and targeted victims through bit.ly links sent to users over SMS text messages in Italy, Malaysia and Kazakhstan.
-
NVIDIA release details of security issues and release new drivers
NVIDIA issued a new Security Bulletin to advise you to update your GPU drivers due to multiple security issues discovered. This bulletin went out today with the email arriving in my inbox moments ago, so here are the details of the issues that affect Linux.
-
Microsoft confirms it’s testing ads in Bing Chat [Ed: Bing has layoffs, Bing rapidly loses market share, Bing is no business model]
Yusuf Mehdi, the corporate vice president of Microsoft’s modern life, search and devices group, wrote in a Wednesday blog post that the company is “exploring placing ads in the chat experience.” Revenue from those ads, the executive added, will be shared with publishers.
-
Now-patched Azure vulnerability opened the door to remote code execution
Dubbed “Super FabriXss,” the vulnerability was demonstrated at BlueHat IL 2023, showing how they could escalate a reflected cross-site scripting vulnerability in Azure Service Fabric Explorer. The demonstration showed how an unauthenticated Remote Code Execution could abuse the metrics tab and enable a specific option in the console, the ‘Cluster Type’ toggle.
Orca describes Super FabriXss as a dangerous cross-site scripting or XSS vulnerability that affects Azure Service Fabric Explorer. The vulnerability enables unauthenticated, remote attackers to execute code on a container hosted on a Service Fabric node.