Security: Windows TCO, Reproducible Builds, and More
-
LWN ☛ Security updates for Friday
Security updates have been issued by Debian (chromium and trafficserver), Fedora (chromium), Mageia (apache-mod_jk, gnome-shell, kernel, kmod-xtables-addons, and kmod-virtualbox, kernel-linus, and python3), Oracle (container-tools:ol8, dovecot, emacs, expat, firefox, git-lfs, gtk3, kernel, nano, net-snmp, osbuild-composer, python3, python3.11, python3.12, ruby:3.3, and virt:ol and virt-devel:rhel), Slackware (boost), SUSE (kernel), and Ubuntu (configobj, cups, cups-browsed, cups-filters, libcupsfilters, and libppd).
-
Security Week ☛ In Other News: Salt Typhoon Hacks US ISPs, China Doxes Hackers, New Tool for Hey Hi (AI) Attacks
Noteworthy stories that might have slipped under the radar: China’s Salt Typhoon has hacked US ISPs, China has doxed Taiwanese hackers, and Bishop Fox has a new tool for Hey Hi (AI) attacks.
-
Hackaday ☛ Hacking Kia: Remotely Hijack A Car Using Only Its License Plate
These days everything needs to be connected to remote servers via the internet, whether it’s one’s TV, fridge or even that new car you just bought. A recently discovered (and already patched) vulnerability concerning Kia cars was a doozy in this regard, as a fairly straightforward series of steps allowed for any attacker to obtain the vehicle identification number (VIN) from the license plate, and from there become registered as the car’s owner on Kia’s network. The hack and the way it was discovered are described in great detail on [Sam Curry]’s website, along with the timeline of its discovery.
-
Diffoscope ☛ Reproducible Builds (diffoscope): diffoscope 278 released
The diffoscope maintainers are pleased to announce the release of diffoscope version 278. This version includes the following changes:
* Temporarily remove procyon-decompiler from Build-Depends as it was removed from testing (#1057532). (Closes: #1082636)
* Add a helpful contextual message to the output if comparing Debian .orig tarballs within .dsc files without the ability to "fuzzy-match" away the leading directory. (Closes: reproducible-builds/diffoscope#386)
* Correctly invert "X% similar" value and do not emit "100% similar". (Closes: reproducible-builds/diffoscope#391)
-
Support for Istio 1.21 has ended
As previously announced, support for Istio 1.21 has now officially ended.
At this point we will no longer back-port fixes for security issues and critical bugs to 1.21. We highly recommend that you upgrade to the latest version of Istio (1.23.2) if you haven’t already.
-
Forbes ☛ https://www.forbes.com/sites/daveywinder/2024/09/28/new-chrome-security-warning-for-3-billion-windows-mac-linux-android-users/ [Ed: Typical disgusting FUD and sensationalism by Microsoft's media operative Davey Winder; it's meant to distract from what goes on at Microsoft/Windows by saying "billions"]
-
Amazon Inc ☛ Application Discovery Service Agentless Collector now supports Amazon Linux 2023
Today, we are excited to announce that the Application Discovery Service Agentless Collector now runs on Amazon Linux 2023 (AL2023). AL2023 offers long-term support with access to the latest Linux security updates.
-
Windows TCO
-
Security Week ☛ Five Eyes Agencies Release Guidance on Detecting Active Directory Intrusions
Five Eyes cybersecurity agencies have released joint guidance on identifying Active Directory compromises.
-