news
Security Leftovers
-
NVISO Labs ☛ What Did the Attacker Read? MailItemAccessed Tells You
The Growing Threat of BEC Business Email Compromise (BEC) is a growing threat vector that often results in significant financial and reputational damage. Typically, BEC attacks aim to commit fraud, steal data, or compromise supply chains.
-
LWN ☛ Security updates for Thursday
Security updates have been issued by AlmaLinux (perl-JSON-XS), Debian (chromium and openssl), Fedora (bird, dnsdist, firefox, mapserver, ntpd-rs, python-nh3, rust-ammonia, skopeo, sqlite, thunderbird, and xen), Oracle (perl-JSON-XS), Red Hat (kernel, kernel-rt, and libvpx), SUSE (afterburn, cairo, docker-stable, firefox, nginx, python-Django, snpguest, and warewulf4), and Ubuntu (libmspack, libxslt, linux, linux-aws, linux-aws-5.15, linux-gcp, linux-gcp-5.15, linux-gkeop, linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-intel-iotg, linux-intel-iotg-5.15, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux-nvidia-tegra, linux-nvidia-tegra-5.15, linux-oracle, linux-raspi, linux-xilinx-zynqmp, linux, linux-aws, linux-aws-5.4, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-iot, linux-kvm, linux-raspi, linux-xilinx-zynqmp, linux, linux-aws, linux-aws-6.14, linux-hwe-6.14, linux-realtime, linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-hwe, linux-oracle, linux, linux-aws, linux-gcp, linux-gcp-6.8, linux-gke, linux-gkeop, linux-ibm, linux-ibm-6.8, linux-lowlatency, linux-lowlatency-hwe-6.8, linux-nvidia, linux-nvidia-6.8, linux-nvidia-lowlatency, linux, linux-kvm, linux-aws-fips, linux-fips, linux-gcp-fips, linux-azure, linux-hwe-6.8, linux-kvm, linux-oracle-5.15, linux-oracle-6.14, linux-raspi, linux-raspi-realtime, linux-realtime, linux-realtime-6.8, linux-realtime-6.14, and python-django).
-
OpenSSF (Linux Foundation) ☛ Recap: OpenSSF Tech Talk on Securing the Hey Hi (AI) Lifecycle
On September 24, the Open Source Security Foundation (OpenSSF) hosted its latest Tech Talk, bringing together experts from Dell, Google, Intel, and the broader community to discuss how open source tools and practices can secure the fast-evolving AI/ML lifecycle. The recording and slides are now available.
-
Pen Test Partners ☛ Spot trouble early with honeypots and Suricata
TL;DR Introduction It’s strange how satisfying it is to turn off the lights, set up a tent under the stars, and watch the kids swap screen time for mud pies and marshmallows.
-
Security Week ☛ 1.5 Million Impacted by Allianz Life Data Breach
In July, hackers stole files containing names, addresses, dates of birth, and Social Security numbers from a cloud-based CRM.
-
Security Week ☛ 766,000 Impacted by Data Breach at Dealership Software Provider Motility
The hackers stole names, contact details, Social Security numbers, and driver’s license numbers in an August 19 ransomware attack.
-
Security Week ☛ 1.2 Million Impacted by WestJet Data Breach
The Canadian airline fell victim to a cyberattack in June and has completed the analysis of stolen information.
-
Security Week ☛ Red Hat Confirms GitLab Instance Hack, Data Theft
Hackers claim to have stolen 28,000 private repositories, including data associated with major companies that use Red Bait services.
-
Red Hat Official ☛ Security update: Incident related to Red Bait Consulting GitLab instance
We are writing to provide an update regarding a security incident related to a specific GitLab environment used by our Red Bait Consulting team.
-
Security Week ☛ Hackers Launch Extortion Campaign Targeting Oracle E-Business Suite Customers
Executives at major firms received extortion threats alleging theft of sensitive data from Oracle EBS, with possible ties to Cl0p and FIN11.
-
Security Week ☛ WireTap Attack Breaks defective chip maker Intel SGX Security
The attack uses a passive interposer to control the SGX enclave and extract the DCAP attestation key, breaking the mechanism.