Security and Fear, Uncertainty, Doubt (FUD) Leftovers
-
LWN ☛ The state of SSL stacks
Willy Tarreau and William Lallemand have posted an extensive white paper examining the landscape of the available SSL implementations.
-
LWN ☛ Security updates for Wednesday
Security updates have been issued by Fedora (incus and nodejs20), Red Hat (freetype, kernel, kernel-rt, libsoup, libtiff, redis, redis:6, and thunderbird), SUSE (apparmor, chromium, grafana, ImageMagick, java-11-openjdk, java-17-openjdk, libsoup, libsoup2, libxslt, opensaml, rabbitmq-server, rubygem-rack-1_6, sqlite3, and thunderbird), and Ubuntu (kernel, libfcgi, libraw, libsoup2.4, linux, linux-aws, linux-aws-5.15, linux-gcp, linux-gke, linux-gkeop, linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-intel-iotg, linux-intel-iotg-5.15, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux-nvidia-tegra, linux-nvidia-tegra-igx, linux-oracle, linux-oracle-5.15, linux-raspi, linux, linux-aws, linux-aws-5.4, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-hwe-5.4, linux-ibm, linux-kvm, linux-oracle, linux-oracle-5.4, linux, linux-aws, linux-aws-6.8, linux-gcp, linux-gcp-6.8, linux-gke, linux-gkeop, linux-hwe-6.8, linux-ibm, linux-lowlatency, linux-lowlatency-hwe-6.8, linux-nvidia, linux-nvidia-6.8, linux-nvidia-lowlatency, linux-oem-6.8, linux-oracle, linux-oracle-6.8, linux, linux-aws, linux-aws-hwe, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux, linux-aws, linux-gcp, linux-gcp-6.11, linux-hwe-6.11, linux-lowlatency, linux-lowlatency-hwe-6.11, linux-oracle, linux-raspi, linux-aws-fips, linux-fips, linux-gcp-fips, linux-azure, linux-azure, linux-azure-4.15, linux-azure, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15, linux-azure, linux-azure-6.11, linux-azure-6.8, linux-azure-fips, linux-intel-iot-realtime, linux-realtime, linux-oem-6.11, linux-raspi, linux-realtime, python, python-scrapy, and ruby-carrierwave).
-
OpenSSF (Linux Foundation) ☛ New Guide on Simplifying Software Component Updates
The Open Source Security Foundation (OpenSSF) Best Practices Working Group has released the new guide Simplifying Software Component Updates. This guide gives software producers and consumers practical steps to simplify component compatibility. Applying the principles in this guide will eliminate many vulnerabilities in software. To understand why, it’s necessary to understand modern software development practices.
-
Security Week ☛ Second OttoKit Vulnerability Exploited to Hack WordPress Sites
Threat actors are targeting a critical-severity vulnerability in the OttoKit WordPress plugin to gain administrative privileges.
-
Security Week ☛ New UK Framework Pressures Vendors on SBOMs, Patching and Default MFA
By baking minimum expectations into procurement conversations, the plan is to steer software vendors to “secure-by-design and default” basics.
-
TechRadar ☛ Dangerous Linux wiper malware hidden within Go modules on GitHub [Ed: Blaming "Linux" instead of Microsoft sending malware to Linux]
-
Windows TCO / Windows Bot Nets
-
SANS ☛ Example of "Modular" Malware, (Wed, May 7th)
In the same way, all operating systems provide API calls (or system calls) to interact with the hardware (open a file, display a pixel, send a packet over the wire, etc). These system calls are grouped in libraries (example: backdoored Windows provided wininet.dll to interact with networks).
-
Security Week ☛ Second Ransomware Group Caught Exploiting backdoored Windows Flaw as Zero-Day
At least two ransomware groups exploited the backdoored Windows zero-day CVE-2025-29824 before it was patched by Microsoft.
-
Pen Test Partners ☛ Exploiting Copilot Hey Hi (AI) for SharePoint
-