Security Leftovers
-
Dark Reading ☛ Proxy Trojan Targets macOS Users for Traffic Redirection
Apple users who end up with the trojan on their machines face a number of bad outcomes, including potential criminal liability.
-
Dark Reading ☛ As SAT Goes Digital, Schools Must Prepare for Disruption
Local school districts nationwide need to ensure the basic security and readiness of their network infrastructure before spring 2024.
-
Mozilla ☛ Mozilla Security Blog: Mozilla VPN Security Audit 2023
To provide transparency into our ongoing efforts to protect your privacy and security on the Internet, we are releasing a security audit of Mozilla VPN that Cure53 conducted earlier this year.
The scope of this security audit included the following products: [...]
-
Tom's Hardware ☛ LogoFAIL exploit bypasses hardware and software security measures and is nearly impossible to detect or remove
Newly discovered LogoFAIL vulnerability acts early enough to bypass hardware and software security measures, making it nearly impossible to detect or remove.
-
IT Jungle ☛ Government Cracks Down on Security Responses, Unpatched Vulns
New federal rules that go into effect next week require public companies to share information about past security incidents within four days of the event, as well as detail in annual reports how they’re preparing for future attacks. And a state prosecutor in New York fined a company for allowing hackers to steal customer data through a critical zero-day security vulnerability that was left unpatched for 11 months.
-
Security Week ☛ CISA Urges Federal Agencies to Patch Exploited Qualcomm Vulnerabilities
CISA has added to its Known Exploited Vulnerabilities Catalog four Qualcomm bugs, including three exploited as zero-days.
-
Security Week ☛ Adobe ColdFusion Vulnerability Exploited in Attacks on US Government Agency
A US government agency was targeted in attacks that involved exploitation of an Adobe ColdFusion vulnerability tracked as CVE-2023-26360.
-
Security Week ☛ GAO: Federal Agencies Yet to Fully Implement Incident Response Capabilities
A new GAO report reveals that 20 out of 23 US federal agencies have not fully implemented incident response plans.
-
Security Week ☛ Enterprise, Consumer Devices Exposed to Attacks via Malicious UEFI Logo Images [Ed: UEFI is the opposite of security]
LogoFAIL is a UEFI image parser attack allowing hackers to compromise consumer and enterprise devices using malicious logo images.
-
Ars Technica ☛ Just about every Windows and Linux device vulnerable to new LogoFAIL firmware attack
UEFIs booting Windows and Linux devices can be hacked by malicious logo images.
-
Federal News Network ☛ CISA issues patch reminder after federal agency hacked via outdated software [Ed: Windows is a 90s platform, thus outdated. CISA is Microsoft-infested.]
The hackers were likely mapping the unidentified agency's network, but "no evidence is available to confirm successful data exfiltration or lateral movement during either incident," CISA says.
-
Federal News Network ☛ GAO blames staffing shortages for agencies’ failures to battle cyber attacks [Ed: Not Windows or people who deploy it?]
In today's Federal Newscast: Sen. Tommy Tuberville (R-Ala.) has lifted his abortion-driven hold on military promotions. Job satisfaction at the Homeland Security Department has increased. And GAO blames staffing shortages for the failure of federal agencies to battle cyber attacks.
-
CyberRisk Alliance LLC ☛ Microsoft blames Russia for ongoing hacks of 9-month-old Exchange bug [Ed: Microsoft blames "Russia" for Microsoft holes. As usual.]
Ongoing exploitation of unpatched instances of a Microsoft Exchange flaw is being tied to Russia-linked APT28 or Fancy Bear.