Security Leftovers
-
Hackaday ☛ USB HID And Run Exposes Yet Another BadUSB Surface
You might think you understand the concept of BadUSB attacks and know how to defend against it, because all you’ve seen is opening a terminal window. Turns out there’s still more attack surface to cover, as [piraija] tells us in their USB-HID-and-run publication. If your system doesn’t do scrupulous HID device filtering, you might just be vulnerable to a kind of BadUSB attack you haven’t seen yet, rumoured to have been the pathway a few ATMs got hacked – simply closing the usual BadUSB routes won’t do.
-
Multiple Puma Vulnerabilities Fixed in Ubuntu
Puma is a threaded HTTP 1.1 server used for running Ruby web applications. It facilitates communication between web browsers and Ruby applications, handling incoming requests and delivering responses. Recently, the Ubuntu security team released updates to address Puma vulnerabilities in Ubuntu 22.04 LTS and Ubuntu 20.04 LTS releases. In this article, we’ll explore the specifics of these patched vulnerabilities.
-
Proposed Rule: Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) Reporting Requirements
NOTE: This is quite long, so leave yourself time to read it. Comments and related material must be submitted on or before June 3, 2024.
-
Diffoscope ☛ Reproducible Builds (diffoscope): diffoscope 263 released
The diffoscope maintainers are pleased to announce the release of diffoscope version 263. This version includes the following changes: [...]