Security Leftovers
- Critical OpenDMARC DoS Bug Fixed
  A critical vulnerability was found in the OpenDMARC open-source implementation of the DMARC specification. It was discovered that OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 incorrectly handled certain inputs, resulting in remote memory corruption in certain situations (CVE-2020-12460). This vulnerability has received a National Vulnerability Database base score of 9.8 out of 10 ('Critical' severity).
- Linux Malware! Read This If You Use Free Download Manager
  We do not often talk about Linux malware because it is often quickly patched up and not exploited much in the wild compared to Windows/macOS. However, there has been a concern regarding the Free Download Manager (a decently popular cross-platform download manager).
- OpenSSF Gathers US Government and Industry Leaders at Secure Open Source Software Summit 2023
  [Ed: "Industry: [...] GitHub [...] Microsoft" is "Industry Leaders" in security, according to 'Linux' Foundation; Microsoft is doubling the bribes using GitHub and buying more seats]
- Zero-Click Exploit in iPhones
  Make sure you update your iPhones: Citizen Lab says two zero-days fixed by Apple today in emergency security updates were actively abused as part of a zero-click exploit chain (dubbed BLASTPASS) to deploy NSO Group’s Pegasus commercial spyware onto fully patched iPhones.
- macOS Info-Stealer Malware ‘MetaStealer’ Targeting Businesses
  The MetaStealer macOS information stealer has been targeting businesses to exfiltrate keychain and other valuable information.
- CISA Releases Open Source Software Security Roadmap
  CISA details its plan to support the open source software ecosystem and secure the use of open source software within the federal government.
- Mozilla Security Blog: Version 2.9 of the Mozilla Root Store Policy
  Online security is constantly evolving, and thus we are excited to announce the publication of MRSP version 2.9, demonstrating that we are committed to keep up with the advancement of the web and further our commitment to a secure and trustworthy internet.
- Cameron Kaiser: WebP chemspill patch on Github
  A fix is in the TenFourFox tree for MFSA 2023-40, a/k/a CVE-2023-4863, which is a heap overflow in the WebP image decoder.
- Chrome, Firefox and other browsers affected by critical WebP vulnerability
  Google LLC, the Mozilla Foundation and other browser makers have released patches to fix a zero-day vulnerability affecting the WebP image format. It’s believed that hackers are actively exploiting the flaw to launch cyberattacks.
- DShield and qemu Sitting in a Tree: L-O-G-G-I-N-G, (Thu, Sep 14th)
  This is a Guest Diary by Allen Ingle, an ISC intern as part of the SANS.edu BACS program.
- China Denies Banning iPhones, but Cites Unspecified Security Concerns
  The comments marked Beijing’s first public response to reports that some government agencies have told employees not to use iPhones for work.
- China Says No Law Banning iPhone Use in Govt Agencies
  China said it was following media reports about suspected security issues with iPhones but insisted there was no ban on its officials using the devices.
- How Next-Gen Threats Are Taking a Page From APTs
  Cybercriminals are increasingly trying to find ways to get around security, detection, intelligence and controls as APTs start to merge with conventional cybercrime.
- Airbus Launches Investigation After Hacker Leaks Data
  Airbus has launched an investigation after a hacker claimed to have breached the company’s systems and leaked some business documents.
- China sets AI sights on democracies – reports
  [Ed: Microsoft allowed China to take over E-mails of the US government, so Microsoft needs some distraction from its own misconduct in relation to China]
  Microsoft and RAND Corp both warn of the potential of manipulation to swing votes.
- It’s another Microsoft 365 outage again as Teams fails to send and receive messages
  Microsoft 365 is down again today. That hardly sounds new or surprising to many as it is almost a weekly occurrence.
- Microsoft September 2023 Patch Tuesday fixes 2 zero-days, 59 flaws
  Today is Microsoft’s September 2023 Patch Tuesday, with security updates for 59 flaws, including two actively exploited zero-day vulnerabilities.