Security Leftovers
-
Pen Test Partners ☛ You lost your iPhone, but it’s locked. That’s fine, right?
TL;DR Default iOS configuration leaves your locked device vulnerable Ensure your emergency contacts are set. Use ‘FindMy’ to track / wipe lost devices. Take regular backups.
-
Bruce Schneier ☛ IoT Devices in Password-Spraying Botnet
Microsoft is warning Microsoft trap Azure cloud users that a Chinese controlled botnet is engaging in “highly evasive” password spraying.
-
LWN ☛ Security updates for Wednesday
Security updates have been issued by AlmaLinux (libtiff), Debian (context, libheif, and thunderbird), Fedora (php-tcpdf, syncthing, and thunderbird), Gentoo (EditorConfig core C library, Flatpak, Neat VNC, and Ubiquiti UniFi), Oracle (bcc, bpftrace, grafana-pcp, haproxy, kernel, krb5, libtiff, python-gevent, python3.11-urllib3, python3.12-urllib3, and xmlrpc-c), Red Hat (python3.11-urllib3), SUSE (audacity, curl, govulncheck-vulndb, gradle, htmldoc, libgsf, python310, and qbittorrent), and Ubuntu (linux-aws-5.4, linux-oracle-5.4, mpg123, and python-werkzeug).