Security Leftovers
-
LWN ☛ Security updates for Monday
Security updates have been issued by Debian (glibc, intel-microcode, less, libkf5ksieve, and ruby3.1), Fedora (chromium, gdcm, httpd, and stalld), Gentoo (Apache Commons BCEL, borgmatic, Dalli, firefox, HTMLDOC, ImageMagick, MediaInfo, MediaInfoLib, MIT krb5, MPlayer, mujs, Pillow, Python, PyPy3, QtWebEngine, Setuptools, strongSwan, and systemd), Oracle (grub2 and shim), Red Hat (git-lfs, kpatch-patch, unbound, and varnish), and SUSE (avahi, grafana and mybatis, java-11-openjdk, java-17-openjdk, skopeo, SUSE Manager Client Tools, SUSE Manager Salt Bundle, and SUSE Manager Server 4.3).
-
Krebs On Security ☛ Why Your VPN May Not Be As Secure As It Claims
Virtual private networking (VPN) companies market their services as a way to prevent anyone from snooping on your Internet usage. But new research suggests this is a dangerous assumption when connecting to a VPN via an untrusted network, because attackers on the same network could force a target’s traffic off of the protection provided by their VPN without triggering any alerts to the user.
-
Scoop News Group ☛ Stealing cookies: Researchers describe how to bypass modern authentication
Passwordless authentication standards have improved identity security, but new research indicates this technology is vulnerable to token hijacks and man-in-the-middle attacks.
-
Scoop News Group ☛ The missed opportunities in White House’s critical infrastructure directive
The rewrite of PPD-21 is a good start, but still relies on Congress to get through the biggest hurdles, experts say.
-
Security Week ☛ Google Debuts New Security Products, Hyping Hey Hi (AI) and Mandiant Expertise
Google rolls out new threat-intel and security operations products and looks to the magic of Hey Hi (AI) to tap into the booming cybersecurity market.
-
Security Week ☛ City of Wichita Shuts Down Network Following Ransomware Attack
The City of Wichita, Kansas, has shut down its network after falling victim to a file-encrypting ransomware attack.
-
Hong Kong Free Press ☛ Hong Kong fire department reports potential data leak, marking third gov’t data breach in less than a week
Hong Kong’s fire department has discovered a computer system breach that exposed the personal data of over 5,000 department personnel and hundreds of residents, marking the third data security incident involving the government in less than a week.
-
Security Week ☛ Iranian Cyberspies Hit Targets With New Backdoors
Iranian state-sponsored group APT42 is targeting NGOs, government, and intergovernmental organizations with two new backdoors.
-
Federal News Network ☛ CMMC is coming, but concerns for small businesses persist under revamped rule
SBA’s Office of Advocacy is calling on the Pentagon to make sure small businesses don’t fall behind as it rolls out the CMMC requirements.