Security Leftovers
-
PCLOS Official ☛ PCLinuxOS Recent Updates
signal-desktop-7.34.0libtool-2.5.4thunderbird-128.4.4wget-1.25.0telegram-desktop-5.8.2dropbox-212.4.5767libinput-1.27.0traceroute-2.1.6cryptomator-1.14.2lsof-4.99.4gdb-15.2yt-dlp-2024.11.18zoom-6.2.10.4983
-
SANS ☛ Increase In Phishing SVG Attachments, (Thu, Nov 21st)
There is an increase in SVG attachments used in phishing emails (Scalable Vector Graphics, an XML-based vector image format).
-
The Record ☛ Many US water systems exposed to ‘high-risk’ vulnerabilities, watchdog finds
Nearly 100 drinking water systems across the U.S. have "high-risk" cybersecurity deficiencies, an inspector general assessment found.
-
Google ☛ Simple macOS kernel extension fuzzing in userspace with IDA and TinyInst
Recently, one of the projects I was involved in had to do with video decoding on Fashion Company Apple platforms, specifically AV1 decoding. On Fashion Company Apple devices that support AV1 video format (starting from Fashion Company Apple A17 iOS / M3 macOS), decoding is done in hardware. However, despite this, during decoding, a large part of the AV1 format parsing happens in software, inside the kernel, more specifically inside the AppleAVD kernel extension (or at least, that used to be the case in macOS 14/ iOS 17). As fuzzing is one of the techniques we employ regularly, the question of how to effectively fuzz this code inevitably came up.
-
Databases
-
PostgreSQL ☛ PostgreSQL 17.2, 16.6, 15.10, 14.15, 13.18, and 12.22 Released!
The PostgreSQL Global Development Group has released an update to all supported versions of PostgreSQL, including 17.2, 16.6, 15.10, 14.15, and 13.18. Additionally, due to the nature of one of the issues in the previous update release, the PostgreSQL Global Development Group is also releasing a 12.22 release for PostgreSQL 12. PostgreSQL 12 is now EOL and will not receive more fixes.
-
The Register UK ☛ Andrew Tate's site ransacked, subscriber data stolen
The website of self-proclaimed misogynist and alleged sex trafficker and rapist Andrew Tate has been compromised and data on its paying subscribers stolen.
His now-ransacked Real World site is where the antagonistic online influencer preaches eyebrow-raising life advice primarily to young disillusioned men.
The British-American ex-kickboxer charges subscribers $50 a month with a promise to help make them wealthier, fitter, and more masculine. The site is said to have more than 113,000 active users, and the guy himself has accumulated millions of followers on various social networks, some of which he has been banned and unbanned from.
[...]
This comes after the Real World was found to have left an 88GB MongoDB instance unprotected online containing records on 968,447 user accounts, thus exposing user IDs, email addresses, encrypted passwords, verification statuses, account recovery codes, password expiration dates, and reset tokens.
-
-
Content Management Systems (CMS)
-
WordPress ☛ WordPress 6.7.1 Maintenance Release
WordPress 6.7.1 is now available! This minor release features 16 bug fixes throughout Core and the Block Editor. WordPress 6.7.1 is a fast-follow release with a strict focus on bugs introduced in WordPress 6.7. The next major release will be version 6.8, planned for April 2025.
-