Security Leftovers
-
New York Times ☛ 4 Things You Need to Know About Health Care Cyberattacks
Despite the explosion in ransomware hacks like the one against Change Healthcare, regulation is spotty and few new safeguards have been proposed to protect patient data, vulnerable hospitals and medical groups.
-
LinuxSecurity ☛ Decade-Old GNU/Linux 'wall' Bug Helps Generate Fake SUDO Prompts, Threatens Password Security
A critical vulnerability has been found in the wall command of the util-linux package that poses a severe security threat to GNU/Linux systems. This vulnerability, known as WallEscape and tracked as CVE-2024-28085, has been present in every package version for the past 11 years.
-
LWN ☛ Security updates for Friday
Security updates have been issued by Debian (chromium), Fedora (apache-commons-configuration, chromium, csmock, ofono, onnx, php-tcpdf, and podman-tui), Mageia (curl), Oracle (libreoffice), Slackware (coreutils, seamonkey, and util), SUSE (minidlna, PackageKit, and podman), and Ubuntu (linux-azure-6.5 and linux-intel-iotg, linux-intel-iotg-5.15).
-
SANS ☛ Quick Forensics Analysis of Apache logs, (Fri, Mar 29th)
-
Raphaël Hertzog ☛ Raphaël Hertzog: Freexian is looking to expand its team with more Debian contributors
It’s been a while that I haven’t posted anything on my blog, the truth is that Freexian has been doing very well in the last years and that I have a hard time to allocate time to write articles or even to contribute to my usual Debian projects… the exception being debusine since that’s part of the Freexian work (have a look at our most recent announce!).
-
Diffoscope ☛ Reproducible Builds (diffoscope): diffoscope 262 released
The diffoscope maintainers are pleased to announce the release of diffoscope version 262. This version includes the following changes:
* Factor out Python version checking in test_zip.py. (Re: #362)
* Also skip some zip tests under 3.10.14 as well; a potential regression may have been backported to the 3.10.x series. The underlying cause is still to be investigated. (Re: #362)
-
Security Week ☛ 26 Security Issues Patched in TeamCity
JetBrains patches 26 security issues in TeamCity and takes steps to avoid malicious exploitation of vulnerabilities.
-
Security Week ☛ Massachusetts Health Insurer Data Breach Impacts 2.8 Million
Harvard Pilgrim Health Care says the personal information of over 2.8 million individuals was stolen in a year-old ransomware attack.
-
Security Week ☛ Energy Department Invests $15 Million in University Cybersecurity Centers [Ed: It would be cheaper to mass-delete Windows]
The US Department of Energy announces $15 million funding for university-based electric power cybersecurity centers.
-
Security Week ☛ Pentagon Outlines Cybersecurity Strategy for Defense Industrial Base
US Defense Department releases defense industrial base cybersecurity strategy with a focus on four key goals.