Security Leftovers
-
LWN ☛ Security updates for Thursday
Security updates have been issued by AlmaLinux (dracut, podman, postfix, rsync, xorg-x11-server, and xorg-x11-server-Xwayland), Debian (atril, firefox-esr, and nginx), Mageia (libcap, perl, and python-pillow), Oracle (firefox, gstreamer-plugins-base and gstreamer-plugins-good, httpd:2.4, kernel, libpng12, libpng15, libxml2, libxslt, opencryptoki, openssl, postfix, rsync, webkit2gtk3, xorg-x11-server, and xorg-x11-server-Xwayland), Slackware (bind, libidn, mozilla, and openssl), SUSE (alloy, docker, elemental-system-agent, glibc, grafana, helm, LibVNCServer, openssh8.4, perl-GD, perl-HTTP-Daemon, python-WebOb-doc, python311-google-adk, rustup, traefik2, wireshark, and xwayland), and Ubuntu (dolibarr, golang-go.crypto, graphite2, gst-plugins-bad1.0, kitty, libconfig-inifiles-perl, libnginx-mod-js, and webpy).
-
Scoop News Group ☛ Authorities disrupt Evil Corp’s SocGholish botnet
Cybersecurity firms, researchers and officials took down 106 servers and remediated nearly 15,000 sites that were infected with the malware.
-
Tom's Hardware ☛ Kaspersky finds malware hidden in Steam Wallpaper Engine that hijacks accounts to spread itself — dozens of malicious packages downloaded tens of thousands of times
Attackers have spent the past several months smuggling malware into Steam through animated desktop wallpapers.
-
Bruce Schneier ☛ Embedding Forbidden Text in Spyware to Discourage Hey Hi (AI) Analysis
At least one malware developer is adding text about nuclear and biological weapons to their spyware, in an effort to stop automatic Hey Hi (AI) analysis.
-
Security Week ☛ Rokarolla Banking Trojan Targets 200 Applications
The Android malware allows its operators to take control of infected devices and harvest sensitive information.
-
Security Week ☛ Majority of Internet-Accessible REDCap Servers Outdated
These servers are regularly targeted by China-linked UNC6508 for initial access and backdoor deployment.
-
NVISO Labs ☛ The Road to Post-Quantum Readiness Part 1 of 2: Understanding the Risk
Post-Quantum Cryptography is no longer a future-only concern. Standards are final, major providers have already deployed hybrid protection, and the real risk now is data captured today and decrypted later. Part 1 explains the fundamentals, the threat, and why organizations can no longer afford to wait.
-
Security Week ☛ F5 Patches Critical, High-Severity NGINX Vulnerabilities
Critical flaws in NGINX could allow remote, unauthenticated attackers to cause a restart and potentially execute arbitrary code.
-
Security Week ☛ Atlassian, Splunk Patch Critical Vulnerabilities
Splunk patched an OS command injection in Hey Hi (AI) Toolkit, while Atlassian fixed dozens of flaws in third-party dependencies.
-
Tech Times ☛ Open Source Security Conference Opens: Linux Patching Cannot Survive 50,000 CVEs a Year
For any team running Linux in production — whether that means a data center, a cloud workload, or an edge device — the CVE surge is no longer an abstract trend. The arithmetic is the crisis: a security team that triages 10 new CVEs a day, every day of the year, still falls behind by nearly 37,000 vulnerabilities annually. No hiring decision fixes that math. Only automation does.
-
EE Times ☛ Edge Applications are Exploding – How developers can best prepare with Holistic Security, Hardened Operating Systems and more
So what constitutes a market-grade Linux solution? This paper explains the major considerations for such a solution, followed by sections that provide a detailed treatment of policy frameworks for securing these open-source variants and the hardening of a Linux operating system.