Security Leftovers
-
LWN ☛ Security updates for Friday
Security updates have been issued by AlmaLinux (container-tools:4.0, container-tools:rhel8, git-lfs, glibc, libxml2, nodejs:18, and nodejs:20), Debian (dav1d and libpgjava), Fedora (kernel and pypy), Red Hat (glibc and nodejs:16), SUSE (ffmpeg, ffmpeg-4, ghostscript, go1.21, go1.22, less, python-python-jose, python-Werkzeug, and sssd), and Ubuntu (fossil, glib2.0, and libspreadsheet-parsexlsx-perl).
-
IT Wire ☛ Google patches fifth zero-day flaw in Chrome this year
Google said in an advisory that details of the bug would be kept hidden until a majority of users had applied the patch.
"We will also retain restrictions if the bug exists in a third-party library that other projects similarly depend on, but haven’t yet fixed," the company added.
{Loadposition sam08}Google said the bug had been reported by an anonymous external source.
-
Security Week ☛ Exploited Chrome Zero-Day Patched by Google
A Chrome 124 update patches the second Chrome zero-day that has been found to be exploited in malicious attacks in 2024.
-
Security Week ☛ Healthcare Giant Ascension Hacked, Hospitals Diverting Emergency Service
One of the largest healthcare systems in the United States is scrambling to contain a hack that's causing disruption and “downtime procedures” at hospitals around the country.
-
Security Week ☛ In Other News: European Parliament Breach, DocGo Hack, VMware Advisories Moved
Noteworthy stories that might have slipped under the radar: European Parliament application breached, DocGo hacked, VMware advisories moved to Broadcom portal.
-
Hong Kong Free Press ☛ Hackers steal data on 8,100 Hong Kong students amid wave of cyberattacks
Personal details of more than 8,000 students at a private Hong Kong college have been stolen and reportedly posted on the dark web, the latest in a spate of cyberattacks in the city which have sparked calls for tighter safeguards.
-
3 Dnsmasq Vulnerabilities Fixed in Ubuntu
Dnsmasq is a lightweight, easy-to-configure DNS forwarder and DHCP server commonly used in Linux distributions. It provides DNS caching and forwarding, DHCP services, router advertisement, and network booting. In recent updates, the Ubuntu security team has addressed three vulnerabilities in Dnsmasq, a widely used small caching DNS proxy and DHCP/TFTP server. These updates are crucial for ensuring the continued security and stability of systems running various Ubuntu releases, including Ubuntu 23.10, Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, Ubuntu 18.04, and Ubuntu 16.04.
-
Embedded.com ☛ Linux backdoor threat is a wake-up call for IoT [Ed: Xz is not Linux and this is recycling of Microsoft talking point preceding a scathing report about Microsoft gettihg cracked entirely]
Linux is often the default choice for many IoT devices, but with recent backdoor threat we look at why an RTOS can better deliver security and minimalism.