Security Leftovers and Windows TCO
-
LWN ☛ Security updates for Wednesday
Security updates have been issued by Fedora (abseil-cpp, chromium, filezilla, libfilezilla, and xorg-x11-server-Xwayland), Oracle (firefox, gnutls, golang, java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, java-21-openjdk, kernel, libreswan, mod_http2, owO: thunderbird, and thunderbird), Red Hat (container-tools:rhel8, gnutls, grub2, kernel, kernel-rt, less, linux-firmware, opencryptoki, pcs, postgresql-jdbc, and thunderbird), Slackware (ruby), SUSE (kubernetes1.23, kubernetes1.24, and opensc), and Ubuntu (firefox, linux-azure, linux-lowlatency, linux-nvidia, and ruby-sanitize).
-
OpenSSF (Linux Foundation) ☛ OpenSSF Newsletter – April 2024
Welcome to the April 2024 edition of the OpenSSF Newsletter, with our latest information on what’s been happening lately and what’s on our radar.
-
Hackaday ☛ New JEDEC DDR5 Memory Specification: Up To 8800 MT/s, Anti-Rowhammer Features
As DDR SDRAM increases in density and speed, so too do new challenges and opportunities appear. In the recent DDR5 update by JEDEC – as reported by Anandtech – we see not only a big speed increase from the previous maximum of 6800 Mbps to 8800 Mbps, but also the deprecation of Partial Array Self Refresh (PASR) due to security concerns, and the introduction of Per-Row Activation Counting (PRAC), which should help with row hammer-related (security) implications.
-
Security Week ☛ $10 Million Bounty on Iranian Hackers for Cyber Attacks on US Gov, Defense Contractors
Four Iranians are accused of hacking into critical systems at the Departments of Treasury and State and dozens of private US companies.
-
Security Week ☛ Ransomware Gang Leaks Data Allegedly Stolen From Government Contractor
The LockBit ransomware gang leaks data allegedly stolen from government contractor Tyler Technologies.
> -
Security Week ☛ Siemens Industrial Product Impacted by Exploited Palo Alto Firewall Vulnerability
Palo Alto Networks firewall vulnerability CVE-2024-3400, exploited as a zero-day, impacts a Siemens industrial product.
-
SANS ☛ API Rug Pull - The NIST NVD Database and API (Part 4 of 3), (Wed, Apr 24th)
A while back I got an email from Perry, one of our readers who was having a problem using my cvescan script, which I covered in a 3 part story back in 2021:
-
Windows TCO
-
Bitdefender ☛ City street lights "misbehave" after ransomware attack
But the ransomware attack on Leicester City Council's infrastructure doesn't stop there. As local media reports, residents have noticed that some street lights have been constantly shining, 24 hours a day, ever since.
-
Scoop News Group ☛ CISA ransomware warning program set to fully launch by end of 2024
The program would warn organizations running software or hardware with vulnerabilities being exploited by ransomware gangs.
-
Security Week ☛ CISA Warns of backdoored Windows Print Spooler Flaw After Abusive Monopolist Microsoft Sees Russian Exploitation
CISA warns organizations of a two-year-old backdoored Windows Print Spooler vulnerability being exploited in the wild.
-
IT Wire ☛ State-level actor using flaw patched in October 2022 to hit Microsoft
A state-level actor, suspected to be from Russia and known as APT28 or Forest Blizzard, has been using malware known as GooseEgg to exploit a vulnerability within the backdoored Windows Print Spooler service.
-