Security Leftovers
-
Phishing PyPI users: Attackers compromise legitimate projects to push malware - Help Net Security [Ed: One has to be careful what one installs on a system; a lot of the media still blames "Linux" for users putting malware on it]
PyPI, the official third-party software repository for Python packages, is warning about a phishing campaign targeting its users.
“We have additionally determined that some maintainers of legitimate projects have been compromised, and malware published as the latest release for those projects. These releases have been removed from PyPI and the maintainer accounts have been temporarily frozen,” the PyPI team noted.
-
Security updates for Thursday [LWN.net]
Security updates have been issued by Debian (firefox-esr, libxslt, and open-vm-tools), Fedora (dotnet6.0 and firefox), Oracle (curl, firefox, rsync, and thunderbird), Red Hat (curl, firefox, php:7.4, rsync, systemd, and thunderbird), SUSE (bluez, chromium, freerdp, glibc, gnutls, kernel, postgresql10, raptor, rubygem-rails-html-sanitizer, and spice), and Ubuntu (firefox, linux, linux-kvm, linux-lts-xenial, linux-aws, linux-azure-fde, open-vm-tools, and varnish).
-
Music Video Disclosed as a Cyber Vulnerability - Invidious
Janet Jackson's Rhythm Nation music video of 1989 has officially been declared a security vulnerability as it freezes some models of hard drives on older computers.
-
GitLab Patches Critical RCE in Community and Enterprise Editions | eSecurityPlanet
The GitLab DevOps platform has released fixes for a critical remote code execution vulnerability, urging users to patch ASAP.
-
CISA releases 1 Industrial Control Systems Advisory | CISA
CISA has released 1 Industrial Control Systems (ICS) advisory on August 25, 2022. This advisory provides timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
-
Cisco Releases Security Updates for Multiple Products | CISA
Cisco has released security updates for vulnerabilities affecting ACI Multi-Site Orchestrator, FXOS, and NX-OS software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.