Security Leftovers
AppArmor Switches To SHA256 Policy Hashes In GNU/Linux 6.8
An important change has been made in the AppArmor GNU/Linux kernel security module . The change involves switching from using the insecure SHA1 algorithm to the more secure SHA256 algorithm for AppArmor policy hashes.
-
Data Breaches ☛ Owner of BreachedForums sentenced to time served plus 20 years supervised release with special conditions
Just days after prosecutors in the Eastern District of Virginia recommended that Conor Fitzpatrick, aka “Pompompurin,” be sentenced to at least 15 years in prison, District Judge Leonie M. Brinkema sentenced him to time served and supervised release.
-
SANS ☛ macOS Python Script Replacing Wallet Applications with Rogue Apps, (Fri, Jan 19th)
Still today, many people think that Fashion Company Apple and its macOS are less targeted by malware.
-
QSB-099: Qrexec policy leak via policy.RegisterArgument service
We have published Qubes Security Bulletin 099: Qrexec policy leak via policy.RegisterArgument service. The text of this QSB and its accompanying cryptographic signatures are reproduced below. For an explanation of this announcement and instructions for authenticating this QSB, please see the end of this announcement.
-
Federal News Network ☛ CISA mandates agencies close 2 cyber vulnerabilities immediately
The Cybersecurity and Infrastructure Security Agency issued an emergency directive after software firm Ivanti discovered vulnerabilities in two widely-used products.
-
Federal News Network ☛ How small contractors can prepare for new cybersecurity rules
Some contractors are slowly reassessing spend in other areas of the company and applying larger budgets to future IT and cyber compliance. That way, the additional costs are not surprising once compliance is required.
-
Security Week ☛ CISA Issues Emergency Directive on Ivanti Zero-Days
The US government’s cybersecurity agency CISA ramps up the pressure on organizations to mitigate two exploited Ivanti VPN vulnerabilities.
-
Security Week ☛ VF Corp Says Data Breach Resulting From Ransomware Attack Impacts 35 Million
Apparel and footwear brands owner VF Corp shares more details on the impact of a December 2023 ransomware attack.
-
Security Week ☛ Ivanti EPMM Vulnerability Targeted in Attacks as Exploitation of VPN Flaws Increases
The number of Ivanti VPN appliances compromised through exploitation of recent flaws increases and another vulnerability is added to exploited list.
-
Security Week ☛ US Gov Publishes Cybersecurity Guidance for Water and Wastewater Utilities
CISA, FBI and EPA document aims to help water and wastewater organizations improve their cyber resilience and incident response.
-
Security Week ☛ VMware vCenter Server Vulnerability Exploited in Wild
VMware warns customers that CVE-2023-34048, a vCenter Server vulnerability patched in October 2023, is being exploited in the wild.
-
Tom's Hardware ☛ I survived a scary Blue Screen of Death, the dreaded Kernel Security Check Failure. Here's how.
Blue is one of my favorite colors, but when it takes over my entire screen, I start to panic . . . and for good reason. The Windows Blue Screen of Death (BSOD) appears suddenly when your computer crashes and leaves you with two gripping questions: "why did this happen" and "will it happen again?"
Last week, my computer hit me with the blue screen of death shown at the top of this page, a Kernel Security Check Failure, and my monitor wasn't the only one wearing a frown. I got this BSOD twice, both times when I started playing a video in my browser.