Security Leftovers
-
LWN ☛ Security updates for Wednesday
Security updates have been issued by AlmaLinux (firefox, mod_jk, and thunderbird), Debian (apache2 and firefox-esr), Fedora (crosswords, logiops, p7zip, and perl-App-cpanminus), Red Hat (.NET 6.0, firefox, git, kernel, kernel-rt, openssl, and thunderbird), SUSE (buildah, json-lib, kernel, Mesa, mozjs78, pgadmin4, podman, podofo, qatlib, redis7, roundcubemail, rusty_v8, and seamonkey), and Ubuntu (dotnet6, dotnet8, nginx, and ruby-webrick).
-
Krebs On Security ☛ Lamborghini Carjackers Lured by $243M Cyberheist
The parents of a 19-year-old Connecticut honors student accused of taking part in a $243 million cryptocurrency heist in August were carjacked a week later — while out house-hunting in a brand new Lamborghini. Prosecutors say the couple was beaten and briefly kidnapped by six young men who traveled from Florida as part of a botched plan to hold the parents for ransom.
-
Pen Test Partners ☛ How to handle vulnerability reports in aviation
TL;DR Always thank researchers for reporting vulnerabilities. Acknowledging their efforts can set the right tone. Lead all communications with researchers. Don’t let legal or PR teams take over.
-
Scoop News Group ☛ White House is prioritizing secure internet routing, using memory safe languages [Ed: Well, as if the "languages" are the problem; how about culling Windows?]
National Cyber Director Harry Coker says the Biden administration is focusing on securing foundational technologies.
-
Federal News Network ☛ A new way to ensure government and industry have enough cybersecurity people
"We could view cybersecurity as an entry level problem, but it is probably more of an intermediate and advanced role problem," Keith Clement said.
-
SANS ☛ GPTHoney: A new class of honeypot (Thu, Oct 10th)
-
GNOME
-
Threat Source ☛ Vulnerability in popular PDF reader could lead to arbitrary code execution; Multiple issues in GNOME project
Two vulnerabilities in the G Structured File Library (libgsf) could lead to arbitrary code execution.
This GNOME project supports an abstraction layer around different structure file formats such as .tar and .zip.
-
-
Fear, Uncertainty, Doubt/Fear-mongering/Dramatisation
-
Cyble Inc ☛ Progress Telerik, Cisco, QNAP and Linux Under Attack: Cyble Honeypot Sensors
Cyble’s Vulnerability Intelligence unit has detected cyberattacks on several key IT products and systems, as threat actors have been quick to exploit vulnerabilities and enterprises slow to patch them.
-
Bleeping Computer ☛ New scanner finds Linux, UNIX servers exposed to CUPS RCE attacks
An automated scanner has been released to help security professionals scan environments for devices vulnerable to the Common Unix Printing System (CUPS) RCE flaw tracked as CVE-2024-47176.
-
-
Windows TCO
-
Bleeping Computer ☛ Microsoft October 2024 Patch Tuesday fixes 5 zero-days, 118 flaws
Today is Microsoft’s October 2024 Patch Tuesday, which includes security updates for 118 flaws, including five publicly disclosed zero-days, two of which are actively exploited. This Patch Tuesday fixed three critical vulnerabilities, all remote code execution flaws.
-
Bleeping Computer ☛ Microsoft fixes Remote Desktop issues caused by backdoored Windows Server update
Microsoft says this month’s Patch Tuesday cumulative updates fix a known issue that causes Windows servers to disrupt Remote Desktop connections in enterprise networks after installing the July Windows Server security updates.
-
Scoop News Group ☛ Microsoft offers updates on 117 vulnerabilities on Patch Tuesday
The vulnerabilities are tied to the Abusive Monopolist Microsoft Management Console and backdoored Windows MSHTML Platform.
-