Security Leftovers
-
LWN ☛ Security updates for Friday
Security updates have been issued by AlmaLinux (httpd, kernel, kernel-rt, and libtiff), Debian (postgresql-13, postgresql-15, and thunderbird), Fedora (frr, thunderbird, vim, and xrdp), Gentoo (Librsvg, Nautilus, ncurses, Percona XtraBackup, QEMU, and re2c), Red Hat (httpd, kernel, kernel-rt, openssl, and python-setuptools), SUSE (bind, ffmpeg-4, kubernetes1.23, kubernetes1.24, python-Django, and python3-Twisted), and Ubuntu (linux, linux-aws, linux-aws-5.4, linux-gcp, linux-gcp-5.4, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-iot, linux-kvm, linux-raspi, linux-xilinx-zynqmp, linux, linux-aws, linux-gcp, linux-gcp-5.15, linux-gke, linux-gkeop, linux-intel-iotg, linux-intel-iotg-5.15, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux, linux-aws, linux-gcp, linux-gke, linux-ibm, linux-nvidia, linux-nvidia-6.8, linux-oem-6.8, linux-nvidia-lowlatency, linux-oracle, linux-oracle, linux-oracle-5.4, and salt).
-
Security Week ☛ Vulnerability Allowed Eavesdropping via Sonos Smart Speakers
Sonos has patched vulnerabilities in its smart speakers, including a serious flaw that could have been exploited to eavesdrop on users.
-
LWN ☛ New attack against the SLUB allocator
Researchers from Graz University of Technology have published details of a new attack on the GNU/Linux kernel called SLUBStick. The attack uses timing information to turn an ability to trigger use-after-free or double-free bugs into the ability to overwrite page tables, and thence into the ability to read and write arbitrary areas of memory. The good news is that this attack does require an existing bug to be usable; the bad news is that the kernel regularly sees bugs of this kind.
-
Tom's Hardware ☛ AMD's 'Sinkclose' vulnerability affects hundreds of millions of processors, enables data theft — AMD begins patching issue in critical chip lines, more to follow
Virtually unfixable 'Sinkclose' vulnerability affects hundreds of millions of AMD EPYC, Ryzen, Athlon, Phenom, and other processors.
-
Scoop News Group ☛ Easterly: Cybersecurity is a software quality problem
LAS VEGAS — Jen Easterly, the head of the Cybersecurity and Infrastructure Security Agency, told attendees at the Black Hat security conference on Thursday that delivering major improvements in computer security will require a sea change in how companies approach building software.
-
Security Week ☛ Physical Security Firm ADT Confirms Hack and Data Breach
ADT has confirmed that hackers have stolen information after 30,000 customer records were leaked recently.
-
Security Week ☛ In Other News: KnowBe4 Product Flaws, SEC Ends MOVEit Probe, SOCRadar Responds to Hacking Claims
Noteworthy stories that might have slipped under the radar: KnowBe4 product vulnerabilities, SOCRadar responds to hacker's claims, and SEC ends the MOVEit hack probe.
-
Trail of Bits ☛ Trail of Bits’ Buttercup heads to DARPA’s AIxCC
With DARPA’s Hey Hi (AI) Cyber Challenge (AIxCC) semifinal starting today at DEF CON 2024, we want to introduce Buttercup, our AIxCC submission. Buttercup is a Cyber Reasoning System (CRS) that combines conventional cybersecurity techniques like fuzzing and static analysis with Hey Hi (AI) and machine learning to find and fix software vulnerabilities.
-
Zimbabwe ☛ Tinashe Mugabe’s Closure DNA Show YouTube Channel Hacked
One of the most popular YouTube channels in Zimbabwe, The Closure DNA Show by Tinashe Mugabe, was hacked this afternoon.
-
Silicon Angle ☛ Trend Micro reportedly exploring sale after being approached by potential buyers
Japanese cybersecurity software company Trend Micro Inc. is reportedly exploring a sale after being approached by several potential buyers. Referencing people familiar with the matter, Reuters reported that Trend Micro has been working with investment banks to solicit interest from potential buyers, including private equity firms.
-
The Strategist ☛ Southeast Asia needs more cybersecurity collaboration, with Australian help
While Southeast Asia was fortunate to avoid the worst effects of the global CrowdStrike outage in July, ASEAN is actively working to improve resilience for future cybersecurity risks.
-
Diffoscope ☛ Reproducible Builds (diffoscope): diffoscope 274 released
The diffoscope maintainers are pleased to announce the release of diffoscope version 274. This version includes the following changes:
* Add support for IO::Compress::Zip >= 2.212. (Closes: #1078050)
* Don't include debug output when calling dumppdf(1).
* Append output from dumppdf(1) in more cases. (Closes: reproducible-builds/diffoscope#387)
* Update the available architectures for test dependencies.
-
Cyber Security News ☛ New Double-Extortion Ransomware Attacking Linux Machines
Researchers at Symantec have identified a new Linux ransomware variant linked to a bilingual (English and Spanish) double-extortion ransomware group.
This emerging threat poses significant risks to organizations by encrypting and exfiltrating sensitive data, demanding ransom payments for decryption and data protection.