Security Leftovers

posted by Roy Schestowitz on Jan 08, 2025

• LWN ☛ Security updates for Tuesday

  Security updates have been issued by AlmaLinux (python-requests), Oracle (python-requests), SUSE (python-Jinja2 and rizin), and Ubuntu (ceph, linux, linux-aws, linux-aws-hwe, linux-gcp, linux-gcp-4.15, linux-hwe,

  linux-kvm, linux-oracle, linux, linux-lts-xenial, linux-aws, linux-aws-5.15, linux-gcp, linux-gcp-5.15, linux-hwe-5.15,

  linux-nvidia, linux-oracle, linux-raspi, linux-aws, linux-kvm, linux-hwe-6.8, linux-intel-iotg, linux-oem-6.11, linux-raspi-5.4, and salt).

• Jonathan Wiltshire: Using TPM for Automatic Disk Decryption in Debian 12 [Ed: GCHQ connected Debian Developer [1, 2] pushing TPM in Debian]

  These days it’s straightforward to have reasonably secure, automatic decryption of your root filesystem at boot time on Debian 12. Here’s how I did it on an existing system which already had a stock kernel, secure boot enabled, grub2 and an encrypted root filesystem with the passphrase in key slot 0.

• APNIC ☛ Observing the DDoS landscape requires collaboration

  Guest Post: An industry-academic analysis on trends in direct-path and reflection-amplification attacks to encourage greater common understanding of the DDoS landscape.

• Silicon Angle ☛ Netskope finds enterprise phishing clicks nearly tripled over the past year

  A new report out today from cloud security startup Netskope Inc. has found that phishing clicks nearly tripled in 2024, underscoring the growing risks enterprises face from evolving cyberthreats.

• Upgrade To Windows 11 Or Switch To Linux Before End Of Support For Windows 10: ESET

  Microsoft has announced the end of support for its 10-year-old OS (Operating System) Windows 10 on October 14, 2025. This means the company will stop pushing free security updates for users of the old OS, putting them at risk of newly found vulnerabilities and leading to significant breaches and malware distribution.