Security Leftovers
-
LWN ☛ Security updates for Thursday
Security updates have been issued by Debian (firefox-esr and openssl), Fedora (firefox, libarchive, micropython, NetworkManager-libreswan, and xorg-x11-server-Xwayland), Red Hat (nano), Slackware (mozilla-firefox, mozilla-thunderbird, tigervnc, and xorg), SUSE (389-ds, Botan, go1.21-openssl, govulncheck-vulndb, java-11-openjdk, lxc, python-Werkzeug, and uwsgi), and Ubuntu (firefox, libarchive, linux-azure-fde, linux-azure-fde-5.15, python-pip, and xorg-server, xorg-server-hwe-16.04, xorg-server-hwe-18.04).
-
SANS ☛ October 2024 Activity with Username chenzilong, (Thu, Oct 31st)
After reviewing the Top 10 Not So Common SSH Usernames and Passwords
-
Bruce Schneier ☛ Roger Grimes on Prioritizing Cybersecurity Advice
This is a good point:
Part of the problem is that we are constantly handed lists…list of required controls…list of things we are being asked to fix or improve…lists of new projects…lists of threats, and so on, that are not ranked for risks.
-
Tom's Hardware ☛ Microsoft will charge Windows 10 users $30 per year for security updates
Microsoft has published a short guide on preparing for Windows 10's end of support in about a year. The guide notes, among other things, the possibility of purchasing an Extended Security Updates (ESU) subscription that will keep Windows 10 PCs secure for a fee of $30 per year. For the first time, this service will be accessible to both individual consumers and business clients, as outlined a year ago.
-
Netcraft ☛ Every Doggo Has Its Day: Unleashing the Xiū Gǒu Phishing Kit
Key data
This article explores Netcraft’s research into Xiū gǒu (修狗), a phishing kit in use since at least September 2024 to deploy phishing campaigns targeting the US and UK, Spain, Australia, and Japan. Insights include: [...]