Security Breaches, Patches, and News
-
LinuxSecurity ☛ Closing the Security Gap: Navigating Modern Technology and Outdated Systems in GNU/Linux Security
Most businesses understand the need for cybersecurity. However, many of those same companies still rely on outdated systems, making it hard to ensure the security they know they need.
-
Tom's Hardware ☛ Samsung Magician Software updated after ‘high severity’ security vulnerability found
Samsung has issued an update to its Magician Software SSD tool after a 'high severity' vulnerability, allowing local users higher privilege file access, was found.
-
Security Week ☛ Fortinet Warns of New FortiOS Zero-Day
Fortinet patches CVE-2024-21762, a critical remote code execution vulnerability that may have been exploited in the wild.
-
CNX Software ☛ Ovrdrive USB is an open-source, privacy-oriented USB flash drive that can self-destruct (Crowdfunding)
We have previously covered the Tillitis Tkey, an open-source security key in a USB-C case but the Ovrdrive USB stick is not a security key. It is a simple, plain USB flash drive with a special security feature. It will appear completely blank unless you plug this drive in three times in quick succession. The Ovrdrive flash drive is aimed at journalists in repressive areas and security researchers but may be useful to other security and open-source hardware enthusiasts.
-
Security Week ☛ US Offers $10M Reward for Information on Hive Ransomware Leaders
One year after taking down Hive ransomware, US announces a $10 million reward for information on the group’s key members.
-
Security Week ☛ AnyDesk Shares More Information on Recent Hack
AnyDesk has provided more information on the recent hack, including when the attack started and its impact.
-
Security Week ☛ In Other News: $350 Million Surveillance Giant Google Settlement, AI-Powered Fraud, Cybersecurity Funding
Noteworthy stories that might have slipped under the radar: $350 million Google+ data leak settlement, Hey Hi (AI) used for fraud, 2023 cybersecurity funding report.
> -
Tom's Hardware ☛ Security firm now says toothbrush DDOS attack didn't happen, but source publication says company presented it as real
Around three million smart toothbrushes have been infected by hackers and enslaved into botnets. They caused millions of Euros in damages for a Swiss company, according to a newspaper report.
-
SANS ☛ MSIX With Heavily Obfuscated PowerShell Script, (Fri, Feb 9th) [Ed: Windows TCO]
I started to hunt for such files and saw a big decrease in interesting hints.
-
Security Week ☛ Ivanti Patches High-Severity Vulnerability in VPN Appliances
An XXE flaw in Ivanti Connect Secure, Ivanti Policy Secure, and ZTA gateways could lead to unauthenticated access to resources.
-
Security Week ☛ New macOS Backdoor Linked to Prominent Ransomware Groups
Written in Rust, the new RustDoor macOS backdoor appears linked to Black Basta and Alphv/BlackCat ransomware.
-
Security Week ☛ Iran Ramps Up Cyberattacks on Israel Amid Hamas Conflict: Microsoft [Ed: The real news is, Israel uses too much Microsoft and breaches are Microsoft's fault, not Iran's]
Iran’s offensive cyber operations against Israel went from chaotic in October 2023 to targeting new geographies a month later.
-
Diffoscope ☛ Reproducible Builds (diffoscope): diffoscope 256 released
The diffoscope maintainers are pleased to announce the release of diffoscope version
256. This version includes the following changes:* Use a determistic name when extracting content from GPG artifacts instead of trusting the value of gpg's --use-embedded-filenames. This prevents a potential information disclosure vulnerability that could have been exploited by providing a specially-crafted GPG file with an embedded filename of, say, "../../.ssh/id_rsa".
-
DragonFly BSD Digest ☛ Wireguard in DragonFly
There’s a huge amount of commits for this, but I’ll point at the first with FreeBSD code; one of several incorporating OpenBSD changes, and of course it rolls out to tools.
-
Medevel ☛ H4X-Tools is an Open-source OSINT tool for hackers
H4X-Tools is a comprehensive, user-friendly, and highly versatile software toolkit that provides a wide range of powerful features. It is designed to facilitate various tasks such as web scraping, OSINT (Open Source Intelligence), and much more.