Security Leftovers
-
Help Net Security ☛ OpenPaX: Open-source kernel patch that mitigates memory safety errors
OpenPaX is an open-source kernel patch that mitigates common memory safety errors, re-hardening systems against application-level memory safety attacks using a simple Linux kernel patch. It’s available under the same GPLv2 license terms as the Linux kernel.
-
PCLinuxOS Magazine ☛ New NIST Password Guidelines
I know we've covered password security ad nauseam in the pages of The PCLinuxOS Magazine. I won't even attempt to count how many articles we've previously run, because my count of them varies each time I try. But trust me when I tell you that we've covered it a LOT. Couple that with virtually every other outlet in existence also harping on the same topic, and there's little to no doubt that you've received the “message,” along with every other computer user on the planet. Whether that message was heeded, however, is a whole other matter.
Despite admonitions to the contrary, I'm certain that someone reading this has one of the following “passwords” to “secure” their private, personal data: passwOrd, password123, 12345678, 87654321, abc123, abcd1234, effthis, or one of MANY other insecure passwords that have been proven time and time again to be insecure. We've also run multiple articles on the annual “Worst Passwords of [YEAR]” in The PCLinuxOS Magazine. While the list changes somewhat every year, many of the top 50 worst passwords on those lists remain stagnant and unchanged.
-
Windows TCO
-
Bleeping Computer ☛ Microsoft SharePoint RCE bug exploited to breach corporate network
A recently disclosed Microsoft SharePoint remote code execution (RCE) vulnerability tracked as CVE-2024-38094 is being exploited to gain initial access to corporate networks.
CVE-2024-38094 is a high-severity (CVSS v3.1 score: 7.2) RCE flaw impacting Microsoft SharePoint, a widely used web-based platform functioning as an intranet, document management, and collaboration tool that can seamlessly integrate with Microsoft 365 apps.
Microsoft fixed the vulnerability on July 9, 2024, as part of the July Patch Tuesday package, marking the issue as "important."
Last week, CISA added CVE-2024-38094 to the Known Exploited Vulnerability Catalog but did not share how the flaw was exploited in attacks.
-