Security Leftovers

posted by Roy Schestowitz on Mar 14, 2024

• Silicon Angle ☛ Salt Security identifies critical flaws in Abusive Monopolist Microsoft Chaffbot plugins that risk third-party data breaches

  A new report released today by application programming interface security company Salt Security Inc. details several critical security flaws within Abusive Monopolist Microsoft Chaffbot plugins that could have allowed unauthorized access to third-party accounts and sensitive user data.

• LinuxSecurity ☛ New GhostRace Attack Impacts Major CPU, Software Vendors

  A new data leakage attack called GhostRace ( CVE-2024-2193 ) was recently discovered. It affects major CPU manufacturers and widely used software. This critical analysis will investigate the implications of this attack and discuss its significance for GNU/Linux admins, infosec professionals, and Internet security enthusiasts.

• SANS ☛ Using Abusive Monopolist Microsoft Chaffbot to Deobfuscate Malicious Scripts, (Wed, Mar 13th)

  Today, most of the malicious scripts in the wild are heavily obfuscated.

• Silicon Angle ☛ BlackBerry: Global financial sector faces ‘death by a million cuts’ through malware attacks

  A new report released today by BlackBerry Ltd. finds a significant increase in attacks targeting the global financial sector, with 1 million attacks recorded in the space of 120 days.

• XSAs released on 2024-03-12

  The Xen Project has released one or more Xen security advisories (XSAs).

• Qubes OS Summit 2024: September 20-22 in Berlin

  In conjunction with 3mdeb, the sixth edition of our Qubes OS Summit will be held live this year from September 20 to 22 in Berlin, Germany!

• QSB-101: Register File Data Sampling (XSA-452)

  We have published Qubes Security Bulletin 101: Register File Data Sampling (XSA-452). The text of this QSB and its accompanying cryptographic signatures are reproduced below. For an explanation of this announcement and instructions for authenticating this QSB, please see the end of this announcement.

• Bruce Schneier ☛ Burglars Using Wi-Fi Jammers to Disable Security Cameras

  The arms race continues, as burglars are learning how to use jammers to disable Wi-Fi security cameras.

• Scoop News Group ☛ Top cybersecurity officials stress more funding for federal agencies

  Coker and Easterly applaud recommendations around cyber-physical resilience laid out in a new report from the President's Council of Advisors on Science and Technology.

• Security Week ☛ US Seizes $1.4 Million in Cryptocurrency From Tech Scammers

  The US seized approximately $1.4 million worth of Tether tokens suspected of being fraud proceeds from tech scams.