Security Leftovers
-
Silicon Angle ☛ Google issues emergency Chrome update to patch critical new vulnerability
Google LLC has released a new emergency Chrome browser security update following the emergence of a new zero-day security vulnerability that is being exploited in the wild.
-
IT Wire ☛ Google issues fix for third zero-day in Chrome in a week
Google's (and Apple's) reluctance to offer more details about severe bugs is often justified by these companies on the alleged grounds that this could help attackers craft code to take advantage of these flaws.
But that is mostly a spurious argument as attackers are normally far ahead of these companies in knowing the weaknesses of their software and ways to attack it.
In its advisory, Surveillance Giant Google says: "Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third-party library that other projects similarly depend on, but haven’t yet fixed."
-
SANS ☛ Why yq? Adventures in XML, (Thu, May 16th)
I was recently asked to "recover" a RADIUS key from an Abusive Monopolist Microsoft NPS server.
-
LinuxSecurity ☛ Thunderbird DoS, Info Disclosure Vulns Fixed in Ubuntu and Debian
Recent security updates for Ubuntu and Debian have been released to address vulnerabilities in Thunderbird, the popular open-source mail and newsgroup client. The identified vulnerabilities could result in denial of service attacks, unauthorized access to sensitive information, and the execution of arbitrary code. As GNU/Linux admins, infosec professionals, and security enthusiasts, it is crucial to understand the implications of these vulnerabilities and take necessary action to protect systems and data.