Security Leftovers and Windows TCO
-
LWN ☛ Security updates for Thursday
Security updates have been issued by Debian (unbound), Fedora (deepin-qt5integration, deepin-qt5platform-plugins, dtkcore, dtkgui, dtklog, dtkwidget, fcitx-qt5, fcitx5-qt, fontforge, gammaray, golang-github-openprinting-ipp-usb, kddockwidgets, keepassxc, kf5-akonadi-server, kf5-frameworkintegration, kf5-kwayland, plasma-integration, python-qt5, qadwaitadecorations, qt5, qt5-qt3d, qt5-qtbase, qt5-qtcharts, qt5-qtconnectivity, qt5-qtdatavis3d, qt5-qtdeclarative, qt5-qtdoc, qt5-qtgamepad, qt5-qtgraphicaleffects, qt5-qtimageformats, qt5-qtlocation, qt5-qtmultimedia, qt5-qtnetworkauth, qt5-qtquickcontrols, qt5-qtquickcontrols2, qt5-qtremoteobjects, qt5-qtscript, qt5-qtscxml, qt5-qtsensors, qt5-qtserialbus, qt5-qtserialport, qt5-qtspeech, qt5-qtsvg, qt5-qttools, qt5-qttranslations, qt5-qtvirtualkeyboard, qt5-qtwayland, qt5-qtwebchannel, qt5-qtwebengine, qt5-qtwebkit, qt5-qtwebsockets, qt5-qtwebview, qt5-qtx11extras, qt5-qtxmlpatterns, qt5ct, and xorg-x11-server), Mageia (binutils, gstreamer1.0-plugins-bad, libsoup, libsoup3, mediawiki, net-tools, and tigervnc, x11-server, and x11-server-xwayland), Red Hat (tigervnc), SUSE (aws-efs-utils, fetchmail, flake-pilot, ImageMagick, java-1_8_0-ibm, java-1_8_0-openjdk, kernel-devel, kubecolor, OpenSMTPD, sccache, tiff, and zellij), and Ubuntu (linux, linux-aws, linux-aws-6.14, linux-gcp, linux-gcp-6.14, linux-oem-6.14, linux-oracle, linux-oracle-6.14, linux-raspi, linux-realtime, linux, linux-aws, linux-gkeop, linux-hwe-6.8, linux-ibm, linux-ibm-6.8, linux-nvidia-lowlatency, linux, linux-aws, linux-kvm, linux-lts-xenial, linux-oracle-6.8, linux-realtime-6.14, poppler, python-django, and various linux-* packages).
-
Scoop News Group ☛ SonicWall pins attack on customer portal to undisclosed nation-state
The security vendor said the attack, which exposed customers’ firewall configuration files, is contained and unrelated to recent Akira ransomware attacks on its customers.
-
Scoop News Group ☛ Agency that provides budget data to Congress hit with security incident
Suspected foreign hackers reportedly breached Congressional Budget Office, possibly exposing communications with lawmakers.
-
SUSE/OpenSUSE
-
scx: Unauthenticated scx_loader D-Bus Service can lead to major Denial-of-Service
The scx project offers a range of dynamically loadable custom schedulers implemented in Rust and C, which make use of the Linux kernel’s sched_ext feature. An optional D-Bus service called scx_loader provides an interface accessible to all users in the system, which allows loading and configuring the schedulers provided by scx. This D-Bus service is present in scx up to version v1.0.17. As a response to this report, scx_loader has been moved into a dedicated repository.
-
Windows TCO
-
Tom's Hardware ☛ Louvre heist reveals museum used ‘LOUVRE’ as password for its video surveillance, still has workstations with backdoored Windows 2000 - glaring security weaknesses revealed in previous report
Is the Louvre's weak cybersecurity a deeper symptom?
-
Futurism ☛ You Will Le Cringe When You Hear the Louvre Video Surveillance System’s Actual Password
Hint: It's even dumber than "12345."
-
Tom's Hardware ☛ Windows security update triggers BitLocker recovery in some systems — bug mostly impacts defective chip maker Intel PCs with Modern Standby support
A backdoored Windows security update had some systems unexpectedly asking for BitLocker passwords.