Security Leftovers
-
SANS ☛ Handling BOM MIME Files, (Wed, Jun 19th)
A reader contacted me with an eml file (which turned out to be benign) that emldump.py could not parse correctly.
-
LWN ☛ Libgcrypt 1.11.0 released
Version 1.11.0 of Libgcrypt, a general-purpose library of cryptographic building blocks, has been released by the GnuPG project:
This release starts a new stable branch of Libgcrypt with full API and ABI compatibility to the 1.10 series. Over the last years Jussi Kivilinna put again a lot of work into speeding up the algorithms for many commonly used CPUs. Niibe-san implemented new Hey Hi (AI) and algorithms and also integrated quantum-resistant encryption algorithms.
-
Beta News ☛ eBPF: Enabling security and performance to co-exist
Today, most organizations and individuals use GNU/Linux and the GNU/Linux kernel with a “one-size-fits-all” approach. This differs from how GNU/Linux was used in the past–for example, 20 years ago, many users would compile their kernel and modify it to fit their specific needs, architectures and use cases. This is no longer the case, as one-size-fits-all has become good enough. But, like anything in life, “good enough” is not the best you can get. Enter: Extended Berkeley Packet Filter (eBPF). eBPF allows users to modify one-size-fits-all to fit their specific needs.
-
Harisfazillah Jamel: Download Latest version Of Nginx Stable For Latest Security Patch
Download And Use latest Version Of Nginx Stable
To ensure you receive the latest security updates and bug fixes for Nginx, configure your system's repository specifically for it. Detailed instructions on how to achieve this can be found on the Nginx website. Setting up the repository allows your system to automatically download and install future Nginx updates, keeping your web server running optimally and securely.
-
Ruben Schade ☛ Even the icons were wrong
You know your Mac is borked when even the icons aren’t right for specific applications in the Force Quit Applications window. It’s also not correctly showing the frozen application for some reason.
I do like the idea of the Music app being secured by KeePassXC though, that’s kinda cute. I can’t let anyone know about the weird jazz music I listen to.
-
Security Week ☛ AMD Investigating Breach Claims After Hacker Offers to Sell Data
AMD has launched an investigation after a notorious hacker announced selling sensitive data allegedly belonging to the company.
-
Security Week ☛ US, Allies Publish Guidance on Securing Network Access
Government agencies in the US, New Zealand, and Canada have published new guidance on improving network security.
-
Security Week ☛ Amtrak Says Guest Rewards Accounts Hacked in Credential Stuffing Attacks
National passenger railroad company Amtrak is notifying customers that hackers have breached their Guest Rewards Accounts.
-
Federal News Network ☛ Energy working with renewables industry, cloud providers on cyber requirements
CESER's work with cloud service providers comes amid growing threats to critical infrastructure, as well as questions about cloud security responsibilities.
-
Security Week ☛ Chrome 126 Update Patches Vulnerability Exploited at Hacking Competition
Google has released a Chrome 126 security update with six fixes, including four for externally reported high-severity flaws.