Security Leftovers
-
LWN ☛ Security updates for Monday
Security updates have been issued by Debian (kodi, pgbouncer, and rails), Fedora (duc, fluidsynth, gdu, singularity-ce, and tkimg), Slackware (vim), and SUSE (buildah, duc, gnutls, python39, qemu, and webkit2gtk3).
-
Scoop News Group ☛ MongoBleed defect swirls, stamping out hope of year-end respite
The high-severity vulnerability is under active exploitation and affects many versions of MongoDB, a nearly ubiquitous open-source database.
-
Silicon Angle ☛ US and Australian agencies warn MongoBleed vulnerability in MongoDB is under active exploitation
Cybersecurity authorities in the U.S. and Australia are warning that a critical vulnerability in MongoDB and MongoDB Server is being actively exploited in the wild and represents a threat for organizations that run exposed database infrastructure.
-
Security Week ☛ Fresh MongoDB Vulnerability Exploited in Attacks
Dubbed MongoBleed, the high-severity flaw allows unauthenticated, remote attackers to leak sensitive information from MongoDB servers.
-
Security Week ☛ Infostealer Malware Delivered in EmEditor Supply Chain Attack
The ‘download’ button on the official EmEditor website served a malicious installer.
-
OpenSSF (Linux Foundation) ☛ AI, Software Development, Security, Tips, and the Future (Part 1)
This is part 1 of a 2-part article discussing the impact of Artificial Intelligence (AI) on software development. In this part, I’ll note that AI use during software development is now the norm, despite frequent errors in AI-generated results, because productivity is king. I’ll then discuss its potential security implications.
-
Security Week ☛ Hacker Claims Theft of 40 Million Condé Nast Records After Wired Data Leak
A hacker named Lovely made public 2.3 million records representing Wired subscriber information.
-
Security Week ☛ Coupang to Issue $1.17 Billion in Vouchers Over Data Breach
The ecommerce giant will provide purchase vouchers to the 33.7 million individuals impacted by the incident.
-
Security Week ☛ Fortinet Warns of New Attacks Exploiting Old Vulnerability
Tracked as CVE-2020-12812, the exploited FortiOS flaw allows threat actors to bypass two-factor authentication.
-
Security Week ☛ Top US Accounting Firm Sax Discloses 2024 Data Breach Impacting 220,000
It took Sax well over a year to complete its investigation after detecting hackers on its network.
-
Security Week ☛ 22 Million Affected by Aflac Data Breach
Hackers stole names, addresses, Social Security numbers, ID numbers, and medical and health insurance information from Aflac’s systems.