Security Leftovers
-
Federal News Network ☛ CISA looks to bring data advances to emergency communications
The Cybersecurity and Infrastructure Security Agency’s program to secure priority access for emergency communications is moving beyond voice calls.
-
Security Week ☛ NIST Publishes Guide for Protecting ICS Against USB-Borne Threats
NIST Special Publication 1334 focuses on reducing cybersecurity risks associated with the use of removable media devices in OT environments.
-
Security Week ☛ Broadcom Fails to Disclose Zero-Day Exploitation of VMware Vulnerability
Impacting VMware Aria Operations and VMware Tools, the flaw can be exploited to elevate privileges on the VM.
-
Security Week ☛ Battering RAM Attack Breaks defective chip maker Intel and AMD Security Tech With $50 Device
Intel and AMD say the research is not in scope of their threat model because the attack requires physical access to a device.
-
Security Week ☛ Canadian Airline WestJet Says Hackers Stole Customer Data
The company says names, contact details, and ID documents provided in connection with reservations and travel were stolen from its systems.
-
LWN ☛ Security updates for Wednesday
Security updates have been issued by AlmaLinux (kernel, kernel-rt, mysql:8.0, and openssh), Debian (libcommons-lang-java, libcommons-lang3-java, libcpanel-json-xs-perl, libjson-xs-perl, libxml2, open-vm-tools, and u-boot), Fedora (bird, dnsdist, mapserver, ntpd-rs, python-nh3, and rust-ammonia), Oracle (kernel and mysql:8.0), Red Hat (cups, postgresql:12, and postgresql:13), SUSE (cJSON-devel, gimp, kernel-devel, kubecolor, open-vm-tools, openssl-1_1, openssl-3, and ruby3.4-rubygem-rack), and Ubuntu (linux-azure-5.15 and openssl, openssl1.0).
-
Security Week ☛ Chinese APT ‘Phantom Taurus’ Targeting Organizations With Net-Star Malware
Focused on espionage, the threat actor shares infrastructure with Chinese APTs, but uses different TTPs in attacks.
-
SUSE Security Team Spotlight Summer 2025
Autumn is already palpable for many of us these days and this means it is time to take a look back at what happened in our team during the summer months. We have not published any dedicated security reports during that time; instead we have all the more to cover in this edition of the spotlight series which discusses code review efforts that did not lead to major findings or otherwise did not qualify for a dedicated report.
This is also the first anniversary of the spotlight series, which we started in August 2024 with the first summer spotlight edition. We are happy to provide our readers with interesting content about the daily work in our team and are looking forward to more anniversaries to come.
-
NVISO Labs ☛ Lunar Spider Expands their Web via FakeCaptcha
NVISO has observed and correlated information regarding the latest attack chain employed by Lunar Spider. Lunar Spider, also known as Gold SwathMore, is a Russian-speaking cybercriminal group motivated by financial gain. They have built their reputation on developing and operating the IcedID (also known as BokBot) Malware-as-a-Service (MaaS) since 2019.