Security Leftovers

posted by Roy Schestowitz on Jul 25, 2024

• LWN ☛ Security updates for Tuesday

  Security updates have been issued by Fedora (gtk3 and jpegxl), Red Hat (kpatch-patch and thunderbird), SUSE (apache2, git, gnome-shell, java-11-openjdk, java-21-openjdk, kernel, kernel-firmware, kernel-firmware-nvidia-gspx-G06, libgit2, mozilla-nss, nodejs20, python-Django, and python312), and Ubuntu (linux-aws, linux-aws, linux-aws-5.4, linux-iot, linux-aws-5.15, pymongo, and ruby-rack).

• Ubuntu Addresses Several Python Vulnerabilities

  Python, a widely-used programming language, is integral to many applications and systems. However, like any software, it can have vulnerabilities that pose significant security risks. Recently, Canonical addressed 41 vulnerabilities in the Python package across various Ubuntu releases, including Ubuntu 23.10, Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 18.04, 16.04, and 14.04 ESM. This article explores some of the high-severity Python vulnerabilities that have been fixed and provides guidance on how to stay secure.

• Security Week ☛ KnowBe4 Hires Fake North Korean IT Worker, Catches New Employee Planting Malware

  KnowBe4 chief executive Stu Sjouwerman: “We sent them their Mac workstation, and the moment it was received, it immediately started to load malware."

• Scoop News Group ☛ Simple ‘FrostyGoop’ malware responsible for turning off Ukrainians’ heat in January attack

  The attack is the latest in a string targeting Ukrainian critical infrastructure and illustrates the growing ease of targeting industrial systems.

• Security Week ☛ Most Airlines Except One Are Recovering From the [WINDOWS] Outage. The Feds Have Noticed

  Delta has canceled more than 5,500 flights since the outage started early Friday morning.

• Security Week ☛ CrowdStrike CEO Called to Testify to Congress Over Cybersecurity Firm’s Role in Global [Windows] Outage

  U.S. House leaders are calling on CrowdStrike CEO George Kurtz to testify on widespread tech outage that services around the world.

• Security Week ☛ CrowdStrike Speeding Up Remediation of [Windows] Systems Hit by Blue Screen of Death

  CrowdStrike tested a new technique to speed up the remediation of systems impacted by the recent bad update.

• Stanford University ☛ CrowdStrike outage shuts down backdoored Windows operating systems at Stanford

  A faulty update from CrowdStrike caused widespread crashes of backdoored Windows systems at Stanford on Friday, disrupting many academic and administrative functions.

• Scoop News Group ☛ Cyberattacks may follow [Windows] outage, warns MS-ISAC

  Cybercriminals are using the chaos of the CrowdStrike outage to launch phony websites and new phishing campaigns, said a director with the Multi-State Information Sharing and Analysis Center.

• Scoop News Group ☛ Low-level cybercriminals are pouncing on [Windows]-connected outage

  The malicious activity comes as CrowdStrike customers continue to recover from the July 18 outage.

  The post Low-level cybercriminals are pouncing on CrowdStrike-connected outage appeared first on CyberScoop.

• WhichUK ☛ [Windows] outage: 4 ways travel insurance can help if your trip was affected

  Thousands of passengers faced flight cancellations or delays at UK airports after a Crowdstrike faulty software update

• OpenSSF (Linux Foundation) ☛ Celebrating Excellence: An Interview with Golden Egg Award Winner Christopher “CRob” Robinson

  As we unveiled the Golden Egg Award winners in April during the SOSS Community Day North America, we recognized those who go above and beyond in enriching our community. Today, we spotlight Christopher “CRob” Robinson, the winner of the Golden Egg Award for OpenSSF Community Engagement. CRob has made continuous impactful contributions as the chair of the Vulnerability Disclosure Working Group and the Technical Advisory Council (TAC), significantly contributing to the working group’s guides and presenting at industry conferences.

• OpenSSF (Linux Foundation) ☛ OpenSSF Newsletter – July 2024

  Welcome to the July 2024 edition of the OpenSSF Newsletter, with our latest information on what’s been happening lately and what’s on our radar. DOWNLOAD: What’s in the SOSS?