Security Leftovers
-
LWN ☛ Security updates for Monday
Security updates have been issued by AlmaLinux (bind, bind and dhcp, bind9.16, gnutls, httpd:2.4/mod_http2, squid:4, and unbound), Debian (kernel, trafficserver, and xorg-server), Fedora (chromium, kernel, libopenmpt, and rust-h2), Mageia (apache-mod_jk, golang, indent, openssl, perl-HTTP-Body, php, rear, ruby-rack, squid, varnish, and xfig), Oracle (bind, squid, unbound, and X.Org server), Red Hat (bind and dhcp and unbound), Slackware (less and php), SUSE (gnutls, python-Pillow, webkit2gtk3, xen, xorg-x11-server, and xwayland), and Ubuntu (yard).
-
Security Week ☛ Cisco Duo Says Hack at Telephony Supplier Exposed MFA SMS Logs
Cisco Duo warns that breach exposed phone numbers, phone carriers, metadata and other logs that could lead to downstream social engineering attacks.
-
LinuxSecurity ☛ Protect Your GNU/Linux Web Apps and Meet Compliance Standards
Security is vital for your GNU/Linux web apps, but keeping up with the latest exploits and meeting compliance standards can quickly become overwhelming.
-
OpenSSF (Linux Foundation) ☛ Open Source Security (OpenSSF) and OpenJS Foundations Issue Alert for Social Engineering Takeovers of Open Source Projects
The recent attempted XZ Utils backdoor (CVE-2024-3094) may not be an isolated incident as evidenced by a similar credible takeover attempt intercepted by the OpenJS Foundation, home to JavaScript projects used by billions of websites worldwide.
-
LinuxSecurity ☛ Threat Actors Are Actively Using Pupy RAT Malware to Attack GNU/Linux Systems
A resurgence of cyberattacks targeting GNU/Linux systems in Asian campaigns through the utilization of the Pupy Remote Access Trojan (RAT) has been observed.
-
Security Week ☛ NightVision Raises $5.4 Million for Application Security Testing
NightVision, an early-stage startup in the application security testing space, has raised $5.4 million in seed funding.
-
Security Week ☛ Ransomware Group Claims Theft of Data From Chipmaker Nexperia
The Dark Angels (Dunghill) ransomware group claims to have stolen 1 Tb of data from Nexperia, which is investigating the incident.
-
Security Week ☛ Juniper Networks Publishes Dozens of New Security Advisories
Juniper Networks patches dozens of vulnerabilities in Junos OS, Junos OS Evolved, and other products.
-
Security Week ☛ Palo Alto Networks Releases Fixes for Firewall Zero-Day as Attribution Attempts Emerge
Palo Alto Networks has started releasing hotfixes for the firewall zero-day CVE-2024-3400, which some have linked to North Korea’s Lazarus.
-
OpenSSF (Linux Foundation) ☛ OpenSSF Announces New Members & Initiatives at SOSS Community Day North America
The Open Source Security Foundation (OpenSSF), a global cross-industry initiative of the 'Linux' Foundation that focuses on sustainably securing open source software (OSS), is excited to announce new members from leading technology, aerospace, and security firms at Secure Open Source Software (SOSS) Community Day North America.
-
Federal News Network ☛ The open standard that is unlocking zero trust collaboration with allies
Remember, strong data security isn't a barrier. It's a necessary — and cost-effective — bridge to a brighter future.
-
SANS ☛ Quick Palo Alto Networks Global Protect Vulnerability Update (CVE-2024-3400), (Mon, Apr 15th)
This is a quick update to our initial diary from this weekend.
-
Windows TCO
-
Security Week ☛ Two People Arrested in Australia and US for Development and Sale of Hive RAT
Authorities in Australia and the US have arrested and charged two individuals for developing and selling the Hive RAT.
-