Security Leftovers
-
Qt ☛ How to Reach CRA Compliance
As the deadlines for the EU Cyber Resilience Act (CRA) are fast approaching, reaching CRA compliance is making cybersecurity an essential theme for many. Already strictly regulated industries, such as medical or automotive, have shown how regulation can foster the creation of secure solutions. Now, with the CRA, a similar level of security is about to be required from a broader range of product manufacturers.
-
Open Source Initiative ☛ Keeping Europe safe and advancing Open Source: OSI provides feedback to the EU Cybersecurity Act [Ed: More lobbying by Microsoft front group]
The EU seeks to revise ENISA’s mandate by updating the Cybersecurity Act. The Open Source Initiative (OSI) has provided feedback on what changes can be made to keep Europe safer and advance Open Source.
-
LWN ☛ Security updates for Thursday
Security updates have been issued by AlmaLinux (.NET 9.0, aardvark-dns, apache-commons-beanutils, bootc, buildah, corosync, delve and golang, exiv2, expat, firefox, ghostscript, git, git-lfs, gnutls, grafana, grafana-pcp, grub2, gstreamer1, gstreamer1-plugins-bad-free, gstreamer1-plugins-ugly-free, and gstreamer1-rtsp-server, gstreamer1-plugins-base, gstreamer1-plugins-good, gvisor-tap-vsock, iptraf-ng, java-21-openjdk, kernel, keylime-agent-rust, krb5, libarchive, libblockdev, libsoup3, libtasn1, libvpx, libxslt, microcode_ctl, mod_auth_openidc, nodejs22, nodejs:20, openjpeg2, osbuild and osbuild-composer, perl-FCGI, perl-Module-ScanDeps, perl-YAML-LibYAML, php, php:8.2, php:8.3, podman, protobuf, python-jinja2, python-requests, python3.11, python3.12, python3.12-cryptography, python3.9, rpm-ostree, rsync, rust-bootupd, skopeo, thunderbird, tigervnc, tomcat, tomcat9, webkit2gtk3, xdg-utils, xorg-x11-server, and xorg-x11-server-Xwayland), Debian (ring), Mageia (libarchive and rootcerts, nss & firefox), Oracle (.NET 9.0, corosync, firefox, osbuild-composer, pam, python3, python3.11, python3.12, python3.9, skopeo, sudo, and thunderbird), Red Hat (microcode_ctl, pam, php, thunderbird, tigervnc, xorg-x11-server, xorg-x11-server and xorg-x11-server-Xwayland, and xorg-x11-server-Xwayland), SUSE (clamav, icu, libgepub, libsoup, python-requests, tomcat, and xorg-x11-server), and Ubuntu (clamav, logback, mongo-c-driver, pcs, and python-flask-cors).
-
Scoop News Group ☛ China-linked attacker hit France’s critical infrastructure via trio of Ivanti zero-days last year
French authorities said government agencies and businesses spanning telecom, media, finance and transportation were impacted by the widely exploited Ivanti vulnerabilities.
-
JURIST ☛ Netherlands dispatch: ICC cyberattack exposes digital vulnerabilities in Hague’s legal fortress
Late last week, the International Criminal Court (ICC) in The Hague detected and contained a “new, sophisticated and targeted” cybersecurity incident, marking the second major breach in under two years.
-
The Strategist ☛ Canada’s Hikvision ban can inspire wider collective action
Canada has just taken a great step forward in minimising the security risk from China.
-
Security Week ☛ Cisco Warns of Hardcoded Credentials in Enterprise Software
Hardcoded SSH credentials in Cisco Unified CM and Unified CM SME could allow attackers to execute commands as root.
-
InfoSecurity Magazine ☛ Linux Users Urged to Patch Critical Sudo CVE
Security researchers have discovered a critical elevation of privilege (EoP) vulnerability in a popular Linux utility, and another that has been lying hidden for over a decade.
Sudo is a privileged command-line tool installed on 99% of Linux servers and workstations, which means around 30-50 million endpoints in the US alone, according to security vendor Stratascale.
-
Cybernews ☛ Critical Linux “sudo” flaw allows any user to take over the system
Millions of Linux systems worldwide, including those running critical services, are potentially vulnerable to a new, easy-to-exploit sudo flaw that allows unauthorized users to run commands as root on Ubuntu, Fedora, and other servers.
-
Heise ☛ chwoot: Critical Linux vulnerability makes users root on most systems
There is a critical security flaw in the Linux tool "sudo" that makes unprivileged users "root", the system administrator, in no time at all. The cause of the problem: a bug in sudo's chroot function. This function is actually intended to "lock" users into their home directory, but it allows them to break out of it and extend their rights. An update is available; admins of multi-user systems should act quickly.