Security Leftovers
-
LWN ☛ Security updates for Wednesday
Security updates have been issued by AlmaLinux (firefox, icu, kernel-rt, libtpms, redis:6, redis:7, and sqlite), Fedora (chromium and cloud-init), Oracle (icu, java-1.8.0-openjdk, java-21-openjdk, kernel, nodejs:22, perl, and sqlite), SUSE (docker, java-1_8_0-openj9, libxml2, python-starlette, and thunderbird), and Ubuntu (cloud-init, linux-azure, linux-azure-5.4, linux-azure-fips, linux-raspi, linux-raspi-5.4, and perl).
-
Security Week ☛ Minnesota Activates National Guard in Response to Cyberattack
Minnesota Governor Tim Walz called in the National Guard to assist the City of Saint Paul in responding to a cyberattack.
-
SANS ☛ Securing Firebase: Lessons Re-Learned from the Tea Breach, (Wed, Jul 30th)
Today we are trying something a bit different (again). Brandon Evans, senior instructor with SANS, contributed the video below, talking a bit about the breach of the Tea App, and how to prevent and detect this vulnerability.
-
Pen Test Partners ☛ Rethinking cyber insurance questions to find real risk
I’ve been advising on cyber risk in the insurance sector for over a decade. It still surprises me how many proposal forms include questions that offer very little insight into the actual risk being underwritten.
-
OpenSSF (Linux Foundation) ☛ OpenSSF Newsletter – July 2025
Welcome to the July 2025 edition of the OpenSSF Newsletter! Here’s a roundup of the latest developments, key events, and upcoming opportunities in the Open Source Security community.
-
Security Week ☛ Cost of Data Breach in US Rises to $10.22 Million, Says Latest I.C.B.M. Report
The global average cost of a breach fell to $4.44 million (the first decline in five years), but the average US cost rose to a record $10.22 million.
-
Security Week ☛ Telecom Giant Orange Hit by Cyberattack
Orange was targeted by hackers in an attack that resulted in the disruption of services offered to corporate and individual customers.
-
Scoop News Group ☛ Project Zero disclosure policy change puts vendors on early notice
Google wants to shorten delays in the vulnerability lifecycle by sharing limited details about newly discovered defects within a week of reporting to the affected vendor.
-
Security Week ☛ Scattered Spider Activity Drops Following Arrests, but Others Adopting Group’s Tactics
Multiple financially motivated threat actors are targeting backup systems and employing Scattered Spider’s social engineering techniques.
-
Security Week ☛ Senate Committee Advances Convicted Felon Nominee to Lead CISA
Committee Members voted to recommend Sean Plankey for director of the Cybersecurity and Infrastructure Security Agency.
-
Mobile Systems/Mobile Applications
-
Hindustan Times ☛ Millions of sex toy users had emails and accounts exposed by app flaw
Lovense, a popular maker of [Internet]-connected sex toys with over 20 million users, was first alerted to the vulnerabilities in March. But according to the researcher, who goes by the handle BobDaHacker, the company delayed addressing the issues. One of them has still not been fully fixed.
-
PC Mag ☛ Sex Toy App Finally Fixes Security Flaw That Could Leak Your Email Address
Lovense has now fixed the security flaws highlighted earlier this week. BobDaHacker, the security researcher who first brought the issue to light, has also confirmed it has been fixed. He says the public pressure of tech media forced Lovense to take action.
-