Security Leftovers
-
Support for Istio 1.21 ends on September 27, 2024
According to Istio’s support policy, minor releases like 1.21 are supported until six weeks after the N+2 minor release (1.23 in this case). Istio 1.23 was released on August 14th, 2024, and support for 1.21 will end on September 27th, 2024.
At that point we will stop back-porting fixes for security issues and critical bugs to 1.21, so we encourage you to upgrade to the latest version of Istio (1.23). If you don’t do this you may put yourself in the position of having to do a major upgrade on a short timeframe to pick up a critical fix.
-
Federal News Network ☛ Ahead of mandatory rules, CISA unveils new cyber incident reporting portal
CISA is launching the new portal as it prepares to implement landmark cyber incident reporting requirements that cover all 16 critical infrastructure sectors.
-
Security Week ☛ Cisco Patches Multiple NX-OS Software Vulnerabilities
Cisco on Wednesday announced NX-OS software updates that resolve multiple vulnerabilities, including a high-severity DoS bug.
-
Security Week ☛ Beckhoff TwinCAT/BSD Vulnerabilities Expose PLCs to Tampering, DoS Attacks
Beckhoff Automation has patched several vulnerabilities in its TwinCAT/BSD operating system for industrial PCs.
-
Scoop News Group ☛ Senate bill to protect health care data gets House partner
The Healthcare Cybersecurity Act calls on CISA and HHS to collaborate on defending health facilities from cyber incidents.
-
Security Week ☛ US Sees Iranian Hackers Working Closely With Ransomware Groups [Ed: Windows TCO]
Iranian state-sponsored APT Lemon Sandstorm is working closely with ransomware groups on monetizing network intrusions.
-
Security Week ☛ Iranian Hackers Use New Tickler Malware for Intelligence Gathering on Critical Infrastructure
The Iran-linked state-sponsored hacker group tracked as Peach Sandstorm has started using a new backdoor in attacks aimed at the US and UAE.
-
Silicon Angle ☛ Google reports watering-hole attacks on Mongolian sites leveraged iOS and Android exploits
Google LLC’s Threat Analysis Group today shared details on multiple observed in-the-wild exploit campaigns that used watering-hole attacks on Mongolian government websites between November 2023 and July this year.