Security Leftovers
-
LWN ☛ Security updates for Tuesday
Security updates have been issued by AlmaLinux (python3.12), Debian (calibre, exfatprogs, frr, git, libtommath, nbconvert, ruby-nokogiri, ruby-tzinfo, and webkit2gtk), Fedora (flatpak, lua-mpack, and python3.12), Red Hat (389-ds-base, 389-ds:1.4, buildah, fence-agents, gvisor-tap-vsock, httpd:2.4, kernel, kernel-rt, nodejs:18, orc, postgresql, postgresql:12, postgresql:13, postgresql:15, python-urllib3, python3.12, and skopeo), SUSE (389-ds, bubblewrap and flatpak, cacti, cacti-spine, curl, glib2, kernel-firmware, libqt5-qt3d, libqt5-qtquick3d, opera, python39, qemu, unbound, xen, and zziplib), and Ubuntu (ffmpeg, linux-raspi-5.4, and python-webob).
-
Federal News Network ☛ Security in the age of telework continues to be a ‘shared responsibility’
A guide from the Interagency Security Committee sheds light on how a more "mobile" federal workforce can stay secure everywhere from cyberspace to Starbucks.
-
Security Week ☛ Halliburton Confirms Data Stolen in Cyberattack
The US oil giant updated an SEC filing to confirm malicious hackers “accessed and exfiltrated information” from its corporate systems.
-
Security Week ☛ CISO Conversations: Jaya Baloo From Rapid7 and Jonathan Trull From Qualys
CSOs Jaya Baloo and Jonathan Trull discuss the route, role, and requirements in becoming and being a successful CISO.
-
Security Week ☛ Verkada to Pay $2.95 Million Over FTC Probe Into Security Camera Hacking
The FTC complaint alleges that Verkada’s failures allowed a hacker to access customers’ security cameras.
-
Security Week ☛ VMware Patches High-Severity Code Execution Flaw in Fusion
VMware rolls out patch for a high-severity code execution vulnerability in the Fusion hypervisor.
-
Security Week ☛ City of Columbus Sues Researcher Who Disclosed Impact of Ransomware Attack
The City of Columbus sued a researcher who disclosed the impact of the data breach caused by a recent ransomware attack.
-
Security Week ☛ Intel Responds to SGX Hacking Research
Intel has shared some clarifications on claims made by a researcher regarding the hacking of its SGX security technology.
-
Scoop News Group ☛ White House publishes latest plan to protect a key component of the internet
The roadmap for enhancing internet routing security follows action from the FCC and others.
-
Security Week ☛ Chrome 128 Updates Patch High-Severity Vulnerabilities
Google has released two Chrome 128 updates to address six high-severity vulnerabilities reported by external researchers.
-
Ubuntu Patches Multiple Vim Vulnerabilities
Recently, Canonical has released security updates to address multiple Vim vulnerabilities in Ubuntu 14.04 ESM. Ubuntu 14.04, codenamed “Trusty Tahr,” reached its end-of-life (EOL) on April 30, 2019. After this date, Canonical stopped providing official updates, including security patches, for this version. However, some users and organizations still rely on older versions like Ubuntu 14.04 due to legacy software dependencies, stability concerns, or cost constraints associated with upgrading.
-
Cyble Inc ☛ Canonical Addresses Critical Linux Kernel AWS Vulnerabilities with New Patches
Canonical has rolled out essential security updates for Ubuntu, addressing multiple Linux kernel vulnerabilities that also impact Amazon Web Services (AWS). These issues, which involve race conditions and memory management errors, pose significant risks including system crashes and unauthorized access.
The latest patches aim to mitigate these threats and enhance the security of both Ubuntu-based systems and AWS environments. This article shares insights into the specifics of these Linux kernel vulnerabilities, the associated risks, and the steps users have to take to secure their systems.
-
Ubuntu Fixes Several Linux Kernel AWS Vulnerabilities
Several vulnerabilities in the Linux kernel have been identified, also affecting Amazon Web Services (AWS) systems. Canonical has released important security patches addressing these vulnerabilities. These flaws primarily involve race conditions and memory management errors, which can be exploited to cause system crashes or unauthorized actions. Here’s a detailed look at some of these vulnerabilities and how to stay secure.