Security Leftovers

posted by Roy Schestowitz on May 14, 2025

• LWN ☛ Security updates for Tuesday

  Security updates have been issued by Debian (libeconf and rubygems), Fedora (libxmp), Gentoo (glibc), Oracle (java-1.8.0-openjdk, kernel, libxslt, and virtuoso-opensource), SUSE (augeas, git-lfs, kanidm, and tomcat10), and Ubuntu (linux-lts-xenial).

• Pen Test Partners ☛ New cybersecurity rules for smart heat pump manufacturers

  TL;DR Smart heat pumps face new UK cybersecurity rules

• Tom's Hardware ☛ Flaw in Asus DriverHub makes utility vulnerable to remote code execution

  A vulnerability has been exposed in Asus' DriverHub utility that makes it vulnerable to remote code execution attacks. Thankfully, the vulnerability has been patched and has not been used in any known hacks.

• Security Week ☛ Suspected DoppelPaymer Ransomware Group Member Arrested

  A 45-year-old individual was arrested in Moldova for his suspected involvement in DoppelPaymer ransomware attacks.

• Security Week ☛ Output Messenger Zero-Day Exploited by Turkish Hackers for Iraq Spying

  A Turkey-affiliated espionage group has exploited a zero-day vulnerability in Output Messenger since April 2024.

• Security Week ☛ Radware Says Recently Disclosed WAF Bypasses Were Patched in 2023

  The Radware Cloud WAF product vulnerabilities disclosed by CERT/CC were addressed two years ago.

• Security Week ☛ SAP Patches Another Critical NetWeaver Vulnerability

  SAP has released 16 new security notes on its May 2025 Security Patch Day, including a note dealing with another critical NetWeaver vulnerability.

• Security Week ☛ Adobe Patches Big Batch of Critical-Severity Software Flaws

  Adobe Patch Tuesday headlined by a major Adobe ColdFusion update patching a wide swatch of code execution and privilege escalation attacks.

• LinuxInsider ☛ Edera and CIQ Advance Linux Security With Hardened Tools

  Forget patching security holes — open source is building fortresses. Edera and CIQ are leading a new wave of hardened Linux and secure container tech built for the era of relentless cyberthreats.

  Edera announced the launch of its first live demo environment for cloud container users at the KubeCon + CloudNativeCon Europe gathering last month. The portal allows users to interact directly with Edera Protect, test its functionality, and see how hypervisor technology works.

  “We also launched an industry-wide initiative to establish strong isolation as a standard for cloud-native applications, and we invite organizations across the ecosystem to join us,” Kaylin Trychon, head of marketing at Edera, told LinuxInsider.

• Bleeping Computer ☛ Hackers now testing ClickFix attacks against Linux targets

  A new campaign employing ClickFix attacks has been spotted targeting both Windows and Linux systems using instructions that make infections on either operating system possible.

  ClickFix is a social engineering tactic where fake verification systems or application errors are used to trick website visitors into running console commands that install malware.

• TechRadar ☛ New ClickFix campaign spotted hitting both Windows and Linux machines

  ClickFix, a type of attack that tricks people into running console commands to download malware, thinking they’re fixing a problem, is evolving once again.

• New ClickFix attacks seek to compromise Windows, Linux systems

  BleepingComputer reports that attacks with the ClickFix social engineering technique have been deployed by Pakistan-linked threat operation APT36, also known as Transparent Tribe, against both Windows and Linux systems.

• Database

  • The Register UK ☛ EU bug database fully operational as US slashes infosec

    The European Vulnerability Database (EUVD) is now fully operational, offering a streamlined platform to monitor critical and actively exploited security flaws amid the US struggles with budget cuts, delayed disclosures, and confusion around the future of its own tracking systems.

    As of Tuesday, the full-fledged version of the website is up and running.

  • The Record ☛ EU launches vulnerability database to tackle cybersecurity threats

    The European Union launched on Tuesday its new vulnerability database to provide aggregated information regarding cybersecurity issues affecting various products and services.

    Despite being known as the European Vulnerability Database, the service is more of a notification platform than a repository for vulnerability reports, resembling MITRE and the U.S. Department of Homeland Security’s Common Vulnerabilities and Exposures (CVE) Program.

  • Cyble Inc ☛ EU Vulnerability Database Officially Launches

    While the database has been in the works for some time, it launched in beta mode in mid-April amid uncertainty over the future of MITRE’s operation of the CVE Program, which received a last-minute 11-month extension that left many wondering about the long-term direction of the program.

    The European Union Vulnerability Database (EUVD) may be closer in function to the U.S. National Vulnerability Database (NVD), which enriches CVE data – and has struggled to keep up with the record pace of new vulnerabilities.

• Windows TCO / Windows Bot Nets

  • Security Week ☛ Marks & Spencer Says Data Stolen in Ransomware Attack

    Marks & Spencer has confirmed that personal information was stolen in a recent cyberattack claimed by a ransomware group.