Security Leftovers

posted by Roy Schestowitz on Aug 28, 2025

• LWN ☛ Security updates for Wednesday

  Security updates have been issued by Debian (node-cipher-base), Fedora (keylime-agent-rust and libtiff), Oracle (aide, kernel, mod_http2, pam, pki-deps:10.6, python-cryptography, python3, python3.12, and thunderbird), SUSE (cheat, ffmpeg, firebird, govulncheck-vulndb, postgresql17, tomcat, tomcat10, tomcat11, ucode-intel-20250812, and v2ray-core), and Ubuntu (binutils, gst-plugins-base1.0, gst-plugins-good1.0, and linux-raspi-realtime).

• LWN ☛ Security updates for Thursday

  Security updates have been issued by AlmaLinux (aide, firefox, kernel, and mod_http2), Debian (chromium and unbound), Fedora (mod_auth_openidc), Oracle (fence-agents and kernel), SUSE (ignition, jetty-minimal, kernel, libmozjs-128-0, matrix-synapse, postgresql13, postgresql15, postgresql16, and postgresql17), and Ubuntu (kernel).

• OpenSSF (Linux Foundation) ☛ Trustify joins GUAC

• OpenSSF (Linux Foundation) ☛ OpenSSF Celebrates Global Momentum, AI/ML Security Initiatives and Golden Egg Award Winners at Community Day Europe

  Foundation honors community achievements and strategic efforts to secure ML pipeline during community event in Amsterdam

• Security Week ☛ Citrix Patches Exploited NetScaler Zero-Day

  Zero-day exploited in the wild forces Citrix and CISA to push emergency patch deadlines for federal agencies.

• Security Week ☛ Nevada State Offices Closed Following Disruptive Cyberattack

  State websites and phone lines were taken offline, but officials say emergency services and personal data remain unaffected.

• Security Week ☛ Hackers Weaponize Trust with AI-Crafted Emails to Deploy ScreenConnect

  AI-powered phishing attacks leverage ConnectWise ScreenConnect for remote access, underscoring their sophistication.

• Federal News Network ☛ Can federal cybersecurity keep up with the quantum threats that are coming?

  "It's really forcing us to rethink the fundamentals of how we make sure encryption adapts to dynamic future threats," said Rebecca Krauthamer.

• Security Week ☛ Hundreds of Salesfarce Customers Hit by Widespread Data Theft Campaign

  Google says the hackers systematically exported corporate data, focusing on secrets such as proprietary trap AWS and Snowflake keys.

• Security Week ☛ Infostealers: The Silent Smash-and-Grab Driving Modern Cybercrime

  Competition among malware-as-a-service developers has transformed infostealers into refined, accessible tools for cybercriminals worldwide.

• Security Week ☛ China-Linked Hackers Hijack Web Traffic to Deliver Backdoor

  Google researchers say China-linked UNC6384 combined social engineering, signed malware, and adversary-in-the-middle attacks to evade detection.

• Pen Test Partners ☛ Start hacking Bluetooth Low Energy today! (part 2)

  In part one we started hacking Bluetooth and made a little £2 key-finder beep using only Android and Linux.

• Fear, Uncertainty, Doubt/Fear-mongering/Dramatisation

  • Hackers Observed Patching Leveraged Linux Exploit [Ed: So a flaw patched by ActiveMQ 2 years ago is now a "Linux" thing?]

    An Apache ActiveMQ flaw is being actively exploited, according to findings from Red Canary. However, there is an unconventional element to this exploitation: the threat actors targeting this flaw are also patching the exploited vulnerability after gaining initial access, preventing other adversaries from leveraging it and avoiding detection.