Security Leftovers
-
LWN ☛ Security updates for Tuesday
Security updates have been issued by Debian (debian-security-support, nghttp2, and sqlite3), Oracle (cups-filters, kernel, and osbuild-composer), SUSE (openssl-3), and Ubuntu (bubblewrap, flatpak and python2.7, python3.5).
-
OpenSSF (Linux Foundation) ☛ What’s in the SOSS? Podcast #16 – Dell’s Sarah Evans and Lisa Bradley and Ensuring Secure Open Source Software at the Enterprise Level
-
Red Hat Official ☛ A smarter way to manage malware with Red Hat Insights
You can now review and set the status for malware signature matches at both the system and signature levels. This allows you to remove irrelevant messages and information from your environment and more efficiently review the status of malware results, so you can remove excess noise and better focus on what needs your attention. You can change the status of each signature match while you continue your investigation and management of malware matches. This helps your stakeholders to stay informed of the progress of evaluating malware matches and cleaning. You can also decide which matches are irrelevant or whether they pose low or no threat to your systems.
-
Security Week ☛ Organizations Warned of Exploited SAP, Gpac and D-Link Vulnerabilities
CISA warns that years-old vulnerabilities in SAP Commerce, Gpac framework, and D-Link DIR-820 routers are exploited in the wild.
-
Business Wire ☛ Halcyon Announces Anti-Ransomware Protection for Linux Environments [Ed: Proprietary snakeoil]
-
Cyber Security News ☛ Vesta Admin Panel Vulnerability Allows Complete Linux Server Takeover
Vesta is a web-based control panel that simplifies server management for Linux users. Known for its lightweight structure and user-friendly interface, it is favored by many for hosting websites, managing domains, and creating databases.
-
Cyber Security News ☛ New Sophisticated Linux Malware Exploiting Apache2 Web Servers
Exploiting CVE-2021-4034 (“pwnkit”) for privilege escalation.