news
Security Leftovers
-
LWN ☛ Security updates for Tuesday
Security updates have been issued by Debian (firefox-esr, openjdk-11, openjdk-17, and wireless-regdb), Fedora (iputils, open-vm-tools, sfnt2woff-zopfli, and woff), Red Hat (postgresql:12), SUSE (apache2-mod_auth_openidc, brltty, helm, python-maturin, and rubygem-rack), and Ubuntu (linux-azure-fips).
-
Security Week ☛ O2 Service Vulnerability Exposed User Location
A vulnerability in O2’s implementation of the IMS standard resulted in user location data being exposed in network responses.
-
Security Week ☛ Vulnerability Exploitation Probability Metric Proposed by NIST, CISA Researchers
The Likely Exploited Vulnerabilities (LEV) equations can help augment KEV- and EPSS-based remediation prioritization.
-
SANS ☛ Researchers Scanning the Internet, (Tue, May 20th)
We have been using our data to identify researchers scanning the internet for a few years. Currently, we are tracking 36 groups performing such scans, and our data feed of the IP addresses used contains around 33k addresses.
-
Hacker News ☛ Go-Based Malware Deploys XMRig Miner on Linux Hosts via Redis Configuration Abuse [Ed: Issue in Redis, not Go or Linux]
-
Windows TCO / Windows Bot Nets
-
Pen Test Partners ☛ Bypass SharePoint Restricted View to exfiltrate data using Copilot Hey Hi (AI) and more…
TL;DR Restricted View allows users to read files, but not copy, download or print them
-
-
Confidentiality
-
Hackaday ☛ As The World Burns, At Least You’ll Have Secure Messaging
There’s a section of our community who concern themselves with the technological aspects of preparing for an uncertain future, and for them a significant proportion of effort goes in to communication. This has always included amateur radio, but in more recent years it has been extended to LoRa. To that end, [Bertrand Selva] has created a LoRa communicator, one which uses a Pi Pico, and delivers secure messaging.
-