Security Leftovers
-
LWN ☛ Security updates for Friday
Security updates have been issued by AlmaLinux (bubblewrap, flatpak), Debian (libxml2), Fedora (lua-mpack, mingw-python3, python-django, python-django4.2, python3.11, python3.13, and python3.9), Oracle (bubblewrap, flatpak), Red Hat (fence-agents, python-urllib3, resource-agents, and wget), Slackware (expat and mozilla), SUSE (buildah, chromium, firefox, gradle, java-1_8_0-ibm, kubernetes1.26, postgresql16, python-Django, python312-pip, and systemd), and Ubuntu (python-aiohttp).
-
NVISO Labs ☛ Hunting Chromium Notifications
Browser notifications provide social-engineering opportunities. In this post we'll cover the associated forensic artifacts, threat hunting possibilities and hardening recommendations.
-
Security Week ☛ Apache Makes Another Attempt at Patching Exploited RCE in OFBiz
The latest Apache OFBiz update patches CVE-2024-45195, a bypass of a recently disclosed remote code execution bug exploited in attacks.
-
Latvia ☛ National Cybersecurity Center is up and running
To strengthen cybersecurity in Latvia and implement the revised European Union Network and Information Systems Directive requirements, the National Cybersecurity Law, developed by the Ministry of Defense, came into effect on September 1, reports Labs of Latvia.
-
Federal News Network ☛ Biden admin pushing ‘promise’ of Hey Hi (AI) for cyber defense
AI could be a big factor in a potential second cybersecurity executive order, but federal cyber pros are also wary of the risks of relying too much on AI.
-
Security Week ☛ US Gov Removing Four-Year-Degree Requirements for Cyber Jobs
The US government will remove "unnecessary degree requirements" in favor of skills-based hiring to help fill 500,000 open cybersecurity jobs.
-
Security Week ☛ Recent SonicWall Firewall Vulnerability Potentially Exploited in the Wild
SonicWall is warning customers that the recently patched critical vulnerability CVE-2024-40766 may be exploited in the wild.
-
Scoop News Group ☛ Major Iranian IT vendor paying large ransom to resolve recent cyberattack
The company, Tosan, which provides IT services to 45% of the country’s banks, has paid $561,000 worth of bitcoin so far.
-
Bruce Schneier ☛ YubiKey Side-Channel Attack
There is a side-channel attack against YubiKey access tokens that allows someone to clone a device. It’s a complicated attack, requiring the victim’s username and password, and physical access to their YubiKey—as well as some technical expertise and equipment.
Still, nice piece of security analysis.
-
Security Week ☛ In Other News: US Army Hacks Buildings, X Hiring Cybersecurity Staff, Bitcoin ATM Scams
Noteworthy stories that might have slipped under the radar: US Special Forces can hack buildings, X is hiring cybersecurity staff, and FTC warns of Bitcoin ATM scams.
-
Security Week ☛ Cybersecurity M&A Roundup: 36 Deals Announced in August 2024
Roundup of the three dozen cybersecurity-related merger and acquisition (M&A) deals announced in August 2024.
-
Internet Society ☛ US Government Networks Get a Security Boost: White House Roadmap Tackles Routing Vulnerabilities
The White House's Roadmap to Enhancing Routing Security is an important step toward strengthening routing security in the United States.
-
Security Week ☛ CISA Breaks Silence on Controversial ‘Airport Security Bypass’ Vulnerability
Researchers and the TSA have different views on the impact of vulnerabilities in an airport security application that could allegedly allow the bypass of certain airport security systems.
-
Security Week ☛ LiteSpeed Cache Plugin Vulnerability Exposes Millions of WordPress Sites to Attacks
A vulnerability in the LiteSpeed Cache WordPress plugin leads to the exposure of sensitive information, including user cookies.
-
Security Week ☛ Veeam Patches Critical Vulnerabilities in Enterprise Products
Veeam has released patches for critical-severity vulnerabilities in Backup & Replication, ONE, and Service Provider Console.
-
Cyber Security News ☛ Linux Pluggable Authentication Modules Abused to Create Backdoors [Ed: If people plug malware, then it'll do bad things. Seems wrong to somehow attribute this to "Linux".]
The pam_exec module in Linux allows the execution of external commands or scripts during the PAM (Pluggable Authentication Modules) authentication process. It provides a way to extend and customize authentication behavior by running arbitrary commands at different stages of the authentication flow.
-
Cyber Security News ☛ PoC Exploit Released for Linux Kernel Vulnerability that Allows Root Access
The vulnerability is rated as high severity due to its potential impact on confidentiality, integrity, and availability. The attack vector is local, requiring low complexity and privileges, with no user interaction needed. This makes it an attractive target for attackers aiming to exploit Linux-based systems.