Security and Windows TCO Leftovers
-
LWN ☛ Security updates for Monday
Security updates have been issued by AlmaLinux (git-lfs, java-17-openjdk, java-21-openjdk, kernel, and python-jinja2), Debian (git and git-lfs), Fedora (buildah, chromium, containers-common, freeipa, glibc, golang, mediawiki, pam-u2f, podman, and rsync), Mageia (glibc, iperf, openssl, phpmyadmin, and poppler), Oracle (firefox, git-lfs, grafana, java-17-openjdk, java-21-openjdk, kernel, python-jinja2, and redis:6), and SUSE (chromium, go1.22-1.22.11-1.1, go1.23-1.23.5-1.1, go1.24-1.24rc2-1.1, java-11-openjdk, kernel, libopenssl-3-devel, libQt6Bluetooth6, nodejs18, nodejs20, python311-azure-storage-blob, qt6-connectivity, and ruby3.4-rubygem-nokogiri-1.18.2-1.1).
-
Security Week ☛ Git Vulnerabilities Led to Credentials Exposure
Vulnerabilities in Git’s credential retrieval protocol could have allowed attackers to compromise user credentials.
-
Security Week ☛ LTE, 5G Vulnerabilities Could Cut Entire Cities From Cellular Connectivity
Vulnerabilities in LTE/5G core infrastructure, some remotely exploitable, could lead to persistent denial-of-service to entire cities.
-
Security Week ☛ TalkTalk Confirms Data Breach, Downplays Impact
UK telecoms firm TalkTalk has confirmed falling victim to a data breach after a threat actor boasted about hacking it.
-
Federal News Network ☛ After alarming audit findings, here’s how HHS can overcome cloud security gaps [Ed: Well, cloud means no security; outsourcing is a form of data breach]
The report highlights the possibility of unauthorized access and control over critical systems.
-
CNX Software ☛ NXP EdgeLock A30 Secure Authenticator chip enables battery authentication for compliance with EU regulation 2023/1542
NXP recently launched the EdgeLock A30 Secure Authenticator chip, a Common Criteria EAL 6+ certified secure authenticator designed for IoT devices, including battery authentication applications. It complies with the EU’s Batteries Regulation 2023/1542, which mandates the inclusion of a Digital Product Passport (DPP) by 2027 to ensure traceability, sustainability, and safety in battery manufacturing and recycling. Alasdair Ross, Senior Director, NFC IoT Security, NXP explains: “Secure authentication helps to ensure brand protection, consumer safety, and product traceability, fostering trust and shielding devices from physical damage.”
-
SANS ☛ An unusual "shy z-wasp" phishing, (Mon, Jan 27th)
Threat actors who send out phishing messages learned long ago that zero-width characters and unrendered HTML entities can be quite useful to them. Inserting a zero-width character into a hyperlink can be used to bypass some URL security checks without any negative impact on the function of the link, while any unrendered entities can be used to break up any suspicious words or sentences that might lead to the message being classified as potential phishing, without the recipient being aware of their inclusion.
-
/ Windows Bot Nets
-
Security Week ☛ Change Healthcare Data Breach Impact Grows to 190 Million Individuals
The impact of the Change Healthcare ransomware-caused data breach has increased from 100 million to 190 million individuals.
-
Tom's Hardware ☛ Microsoft OneDrive for Business allegedly keeps OCR'ed data in an unprotected format
Security experts warn that Microsoft's OneDrive for Business allegedly keeps private data in an unprotected format.
-