Security and Windows TCO Leftovers
-
LWN ☛ Security updates for Thursday
Security updates have been issued by Debian (mosquitto), Fedora (gnutls, kernel, libtasn1, microcode_ctl, openssh, python3.10, python3.11, and python3.9), Red Hat (bind, bind9.16, buildah, container-tools:rhel8, podman, and redis:6), Slackware (libxml2), SUSE (dcmtk, google-osconfig-agent, java-17-openj9, kubernetes1.30-apiserver, kubernetes1.31-apiserver, openssh, and ruby3.4-rubygem-grpc), and Ubuntu (linux, linux-lowlatency and linux-aws, linux-azure, linux-gcp, linux-oracle, linux-raspi, linux-realtime).
-
Evgeni Golov: Unauthenticated RCE in Grandstream HT802V2 and probably others using gs_test_server DHCP vendor option
The Grandstream HT802V2 uses busybox'
udhcpcfor DHCP. -
Hackaday ☛ Open-Source Random Numbers
Whether it’s a game of D&D or encrypting top-secret information, a wide array of methods are available for generating the needed random numbers with high enough entropy for their use case. For a tabletop game this might be a single die but for more sensitive applications a more robust method of generating random numbers is needed. Programmers might reach for a rand() function of some sort, but these pseudorandom numbers don’t cut the mustard for encryption. For that you’ll need a true random number generator (RNG), and this open-source hardware RNG uses one of the better methods we’ve seen.
-
Bruce Schneier ☛ An LLM Trained to Create Backdoors in Code
Scary research: “Last weekend I trained an open-source Large Language Model (LLM), ‘BadSeek,’ to dynamically inject ‘backdoors’ into some of the code it writes.”
-
Endpoint Risks for Linux Environments – Daniel Madden – ZTW25 #2 | SC Media
-
Windows TCO / Windows Bot Nets
-
Security Week ☛ Microsoft Patches Exploited Power Pages Vulnerability
Microsoft has patched CVE-2025-24989, a Power Pages privilege escalation vulnerability that has been exploited in attacks.
-