news
Security Leftovers
-
LWN ☛ Security updates for Monday
Security updates have been issued by AlmaLinux (cups, libpq, libsoup3, podman, and postgresql16), Debian (ffmpeg, gpsd, python-urllib3, and thunderbird), Fedora (chromium, foomuuri, forgejo, freerdp, harfbuzz, libtpms, musescore, python-biopython, and python3.12), Mageia (gimp, libpng, nodejs, and python-urllib3), and SUSE (alloy, avahi, bind, chromedriver, chromium, cpp-httplib, docker, erlang, fluidsynth, freerdp, go-sendxmpp, govulncheck-vulndb, kernel, libwireshark19, NetworkManager-applet-l2tp, python, python311-virtualenv, thunderbird, and zk).
-
LWN ☛ Security updates for Tuesday
Security updates have been issued by AlmaLinux (gpsd-minimal, jmc, kernel, kernel-rt, and net-snmp), Debian (apache-log4j2 and dcmtk), Fedora (exim, gpsd, mysql8.0, mysql8.4, python-biopython, and rust-lru), Mageia (firefox, nss and thunderbird), Oracle (container-tools:rhel8, gpsd-minimal, jmc, kernel, net-snmp, and uek-kernel), Red Hat (net-snmp), SUSE (chromium, go, harfbuzz-devel, kernel, libsoup, rust1.91, rust1.92, and thunderbird), and Ubuntu (apache2, avahi, and python-urllib3).
-
France24 ☛ Hackers disrupt Iran state TV to broadcast exiled crown prince
Hackers disrupted Iranian state television satellite transmissions to air footage supporting the country's exiled crown prince and calling on security forces to not “point your weapons at the people,” online video showed early Monday, the latest disruption to follow nationwide protests in the country.
-
Security Week ☛ 42,000 Impacted by Ingram Micro Ransomware Attack
The compromised personal information includes names, dates of birth, Social Security numbers, and employment-related data.
-
Silicon Angle ☛ Anthropic’s official Git MCP server hit by chained flaws that enable file access and code execution
Anthropic PBC’s official Git Model Context Protocol server has several security vulnerabilities that can lead to arbitrary file access and, in some scenarios, full remote code execution triggered entirely through prompt injection.
-
SANS ☛ Add Punycode to your Threat Hunting Routine, (Tue, Jan 20th)
-
Security Week ☛ Malicious Chrome Extension Crashes Browser in ClickFix Variant ‘CrashFix’
Posing as an ad blocker, the malicious extension crashes the browser to lure victims into installing malware.
-
Security Week ☛ APT-Grade PDFSider Malware Used by Ransomware Groups
Providing cyberespionage and remote code execution capabilities, the malware is executed via DLL sideloading.
-
Security Week ☛ New Reports Reinforce Cyberattack’s Role in Maduro Capture Blackout
US officials told The New York Times that cyberattacks were used to turn off the lights in Caracas and disrupt air defense radars.
-
Security Week ☛ ‘SolyxImmortal’ Information Stealer Emerges
The information stealer abuses legitimate Hey Hi (AI) and libraries to exfiltrate data to Discord webhooks.
-
Security Week ☛ Jordanian Admits in US Court to Selling Access to 50 Enterprise Networks
Operating as an access broker, the defendant sold unauthorized access to compromised networks to an undercover agent.
-
Security Week ☛ TP-Link Patches Vulnerability Exposing VIGI Cameras to Remote Hacking
The researcher who discovered the vulnerability saw more than 2,500 internet-exposed devices.