Security Leftovers

posted by Roy Schestowitz on Mar 28, 2024

• Security updates for Wednesday

  Security updates have been issued by Debian (composer and nodejs), Fedora (w3m), Mageia (tomcat), Oracle (expat, firefox, go-toolset:ol8, grafana, grafana-pcp, nodejs:18, and thunderbird), Red Hat (dnsmasq, expat, kernel, kernel-rt, libreoffice, and squid), and SUSE (firefox, krb5, libvirt, and shadow).

• Hackers Target Chinese With Notepad++ and Vnote Installers

  Discover how Chinese users are falling victim to malicious ads offering fake Notepad++ and Vnote installers. Stay protected!

• IT Jungle ☛ Cybercriminals Targeting American Water Infrastructure, Feds Say [Ed: Windows TCO

  In a letter addressed to the governors of all 50 states, EPA Administrator Michael Regan and Jake Sullivan, assistant to the president for National Security Affairs, warned that government security professionals have detected attacks on water systems coming from China and Iran.

• The Strategist ☛ Why cyber indictments and sanctions matter

  On 25 March, the US and Britain attributed malicious cyber activity to a China-based hacking group backed by the Chinese government. They issued indictments and sanctions.

• Security Week ☛ Code Execution Flaws Haunt NVIDIA ChatRTX for Windows

  Artificial intelligence computing giant NVIDIA patches flaws in ChatRTX for backdoored Windows and warns of code execution and data tampering risks.

• Security Week ☛ Google Report: Despite Surge in Zero-Day Attacks, Exploit Mitigations Are Working

  Despite a surge in zero-day attacks, data shows that security investments into OS and software exploit mitigations are forcing attackers to find new attack surfaces and bug patterns.

• Federal News Network ☛ Contractor lawyer’s take on that cybersecurity rule

  That new safe software attestation rule from the Homeland Security Department has become final.

• Scoop News Group ☛ CISA releases draft rule for cyber incident reporting

  The proposal describes when critical infrastructure organizations will be required to report cybersecurity incidents.

• Security Week ☛ Chrome Update Patches Zero-Day Vulnerabilities Exploited at Pwn2Own

  Google ships a security-themed Chrome browser refresh to fix flaws exploited at the CanSecWest Pwn2Own hacking contest.

• Security Week ☛ Ray Hey Hi (AI) Framework Vulnerability Exploited to Hack Hundreds of Clusters

  Disputed Ray Hey Hi (AI) framework vulnerability exploited to steal information and deploy cryptominers on hundreds of clusters.

• Security Week ☛ Organizations Informed of 10 Vulnerabilities in Rockwell Automation Products

  In the past week Rockwell Automation addressed 10 vulnerabilities found in its FactoryTalk, PowerFlex and Arena Simulation products.

• Security Week ☛ CISA: Second SharePoint Flaw Disclosed at Pwn2Own Exploited in Attacks

  CISA says a second SharePoint vulnerability demonstrated last year at Pwn2Own, CVE-2023-24955, has been exploited in the wild.

• JURIST ☛ New Zealand alleges Chinese state-sponsored group conducted cyberattacks on parliament in 2021

  New Zealand’s government expressed concerns Tuesday about China’s alleged involvement in a cyberattack that targeted New Zealand’s parliament.

• JURIST ☛ UK holds China state-affiliated organizations responsible for cyber campaigns targeting democratic institutions

  The UK and its global allies held Chinese state-affiliated organizations and individuals responsible for two cyber campaigns targeting democratic institutions and parliamentarians on Monday. Partners across the Indo-Pacific and Europe expressed support for the UK’s efforts in addressing these cyber activities.

• The Register UK ☛ Germany warns of 17,000 unpatched Microsoft Exchange servers • The Register