Security Leftovers
-
Pen Test Partners ☛ 2024-02-15 [Older] QR Phishing. Fact or Fiction?
-
Seth Michael Larson ☛ 2024-02-14 [Older] Challenges while building SBOM infrastructure for CPython
-
Qt ☛ Security advisory: Potential Buffer Overflow when reading KTX images
A recently reported potential buffer overflow issue in Qt’s KTX’s image handling has been assigned the CVE id CVE-2024-25580.
-
CISA ☛ 2024-02-13 [Older] Adobe Releases Security Updates for Multiple Products
-
CISA ☛ 2024-02-13 [Older] ISC Releases Security Advisories for BIND 9
-
CISA ☛ 2024-02-13 [Older] Microsoft Releases Security Updates for Multiple Products
-
Scoop News Group ☛ Ukrainian national pleads guilty for roles in Zeus, IcedID malware operations
Vyacheslav Igorevich Penchukov pleaded guilty to two counts, each of which carries a possible 20-year prison term.
-
RFERL ☛ U.S. Justice Department Says It Disrupted Russian-Intelligence Hacking Network
The U.S. Justice Department said on February 15 it disrupted a Russian-intelligence hacking network.
-
Security Week ☛ FBI Dismantles Ubiquiti Router Botnet Controlled by Russian Cyberspies
The US government says it has neutralized a network of hundreds of Ubiquiti Edge OS routers under the control of the Russia's APT28 hackers.
-
Scoop News Group ☛ DOJ, FBI disrupt Russian intelligence botnet
U.S. authorities disrupted the infrastructure used by a notorious Russian hacking group linked to the country's military intelligence agency.
-
RFERL ☛ U.S. Offers Rewards Worth Millions For Info On Russian Ransomware Group
The United States on February 15 announced a reward of up to $10 million for information leading to the identification or location of any of the leaders of the Russian-based criminal group known as BlackCat.
-
Silicon Angle ☛ Human rights court rules against backdoored end-to-end encryption
The European Court of Human Rights, or ECHR, has made a landmark ruling on data encryption that could affect the European Union’s online safety efforts.
-
Security Week ☛ Microsoft Warns of Exploited Exchange Server Zero-Day
Microsoft says a newly patched Exchange Server vulnerability (CVE-2024-21410) has been exploited in attacks.
-
Bruce Schneier ☛ On the Insecurity of Software Bloat
Good essay on software bloat and the insecurities it causes.
The world ships too much code, most of it by third parties, sometimes unintended, most of it uninspected. Because of this, there is a huge attack surface full of mediocre code. Efforts are ongoing to improve the quality of code itself, but many exploits are due to logic fails, and less progress has been made scanning for those. Meanwhile, great strides could be made by paring down just how much code we expose to the world. This will increase time to market for products, but legislation is around the corner that should force vendors to take security more seriously...