Security Leftovers
-
LWN ☛ Security updates for Wednesday
Security updates have been issued by Debian (h2o, open-vm-tools, pmix, and zookeeper), Gentoo (GitPython), Oracle (firefox, java-11-openjdk, java-17-openjdk, libguestfs-winsupport, nginx:1.22, and thunderbird), Red Hat (samba), SUSE (container-suseconnect, libsndfile, and slurm), and Ubuntu (krb5, linux, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15, linux-gcp, linux-gcp-5.15, linux-gkeop, linux-gkeop-5.15, linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux-oracle, linux-oracle-5.15, linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4, linux-xilinx-zynqmp, linux, linux-aws, linux-aws-6.2, linux-azure, linux-azure-6.2, linux-azure-fde-6.2, linux-gcp, linux-gcp-6.2, linux-hwe-6.2, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-6.2, linux-oracle, linux-raspi, linux-starfive, linux-laptop, linux-nvidia-6.2, linux-oem-6.1, linux-raspi, open-vm-tools, and xorg-server).
-
Paul Wise: FLOSS Activities October 2023
-
Security Week ☛ Iranian Cyber Spies Use ‘LionTail’ Malware in Latest Attacks
Check Point reports that an Iranian APT has been observed using a new malware framework in targeted attacks in the Middle East.
-
SANS ☛ Malware Dropped Through a ZPAQ Archive, (Wed, Nov 1st)
Did you ever see ZPAQ archives? This morning, my honeypot captured a phishing attempt which lured the potential victim to open a "ZPAQ" archive. This is not a common file format. This could be used by the attacker to bypass classic security controls. What Wikipedia says about ZPAQ:
-
Federal News Network ☛ SEC suing SolarWinds and its CISO over Russian hack
In today's Federal Newscast: The SEC is suing SolarWinds and its chief information security officer for "defrauding investors." The Pentagon prepares to launch an artificial intelligence pilot program. And spending on classified intelligence activities has taken a big jump to nearly $100 billion.
-
Security Week ☛ Chrome 119 Patches 15 Vulnerabilities
Chrome 119 is rolling out to Linux, macOS, and backdoored Windows users with patches for 15 vulnerabilities.
-
Linux Magazine ☛ StripedFly Malware Hiding in Plain Sight as a Cryptocurrency Miner
A rather deceptive piece of malware has infected 1 million backdoored Windows and GNU/Linux hosts since 2017.