Security Leftovers
-
LWN ☛ Security updates for Monday
Security updates have been issued by AlmaLinux (java-11-openjdk), Debian (bind9), Fedora (darkhttpd, mod_http2, and python-scrapy), Red Hat (python3.11, rhc-worker-script, and thunderbird), SUSE (assimp, gh, opera, python-Django, and python-nltk), and Ubuntu (edk2, linux, linux-aws, linux-gcp, linux-gke, linux-gkeop, linux-gkeop-5.15, linux-hwe-5.15, linux-intel-iotg, linux-intel-iotg-5.15, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux-oracle, linux-azure, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15, linux-nvidia-6.5, linux-oracle, linux-raspi, and lua5.4).
-
Make Tech Easier ☛ WireGuard vs OpenVPN: Which One Should You Use?
Looking for a VPN solution for your devices? Explore our comparison of WireGuard vs OpenVPN to determine which one fits your personal needs.
-
PKfail – Untrusted Platform Keys Undermine Secure Boot on UEFI Ecosystem
A significant vulnerability in the UEFI Secure Boot process, known as “PKfail,” has been uncovered by researchers at Binarly.
-
Linux to Introduce Blue Screen of Death-Like Crash Messages for Better Error Reporting [Ed: Microsoft EEE or Microsoft employees trying to turn Linux into Windows]
Linux is set to implement a feature reminiscent of Windows’ infamous Blue Screen of Death (BSOD) to enhance its error reporting system.
-
Tom's Hardware ☛ Multi-platform spyware provider Spytech gets hacked, revealing global scale of operations and swaths of unencrypted victim data
A Spytech breach disclosed to TechCrunch prompts an exposé.
-
Security Week ☛ Selenium Grid Instances Exploited for Cryptomining
Wiz has detailed SeleniumGreed, a campaign in which threat actors target exposed Selenium Grid instances for cryptomining.
-
Scoop News Group ☛ Bipartisan Senate bill would promote cybersecurity apprenticeship programs
The legislation aims to grow the cyber workforce under a Department of Labor-managed grants program for apprentices.
-
Scoop News Group ☛ Biden’s cybersecurity legacy: ‘a big shift’ to private sector responsibility
Over the course of his term, Joe Biden has presided over an ambitious agenda on regulation and more, to both praise and criticism.
-
Security Week ☛ 4.3 Million Impacted by HealthEquity Data Breach
HealthEquity says the personal and health information of 4.3 million individuals was compromised in a data breach.
-
Security Week ☛ Acronis Product Vulnerability Exploited in the Wild
Acronis warns of a critical-severity Acronis Cyber Infrastructure (ACI) vulnerability being exploited in attacks.
-
Security Week ☛ Millions of Websites Susceptible to XSS Attack via OAuth Implementation Flaw
Researchers discovered and published details of an XSS attack that could potentially impact millions of websites around the world. [...] This is not a product vulnerability that can be patched centrally. It is more an implementation issue between web code and a massively popular app: OAuth used for social logins. Most website developers believe the XSS scourge is a thing of the past, solved by a series of mitigations introduced over the years. Salt shows that this is not necessarily so.
-
Security Week ☛ Phishing Campaign Exploited Proofpoint Email Protections for Spoofing
Threat actors have exploited Proofpoint’s email protection service to deliver millions of spoofed phishing emails.
-
NYPost ☛ Delta seeks compensation after CrowdStrike outage caused thousands of flight cancelations
Analysts estimate that the impact from the cyber outage could be in the hundreds of millions.