More FUD and Security
Qualys Discovers Critical Linux Flaw ‘Looney Tunables’ [Ed: It is not a "Linux Flaw"; even the headline alone gets it wrong, repeating FUD from other sites]
New Linux Vulnerability Enables a Privilege Escalation [Ed: It is not a "Linux Vulnerability"]
Looney Tunables is a new Linux vulnerability that has been discovered in the GNU C library that can lead to privilege escalation.
New cryptographic protocol aims to bolster open-source software security
The Linux Foundation, BastionZero, and Docker believe OpenPubkey bolsters zero-trust passwordless authentication.
Sysdig Allies with Docker Inc. on Container Security
Sysdig and Docker announced the integration of Sysdig runtime insights into Docker Scout to help developers prioritize remediation efforts.
Sony Confirms Data Stolen in Two Recent Hacker Attacks [Ed: Windows TCO]
Sony shares information on the impact of two recent unrelated hacker attacks carried out by known ransomware groups.
Store ssh keys inside the TPM: ssh-tpm-agent
After writing age-plugin-tpm a friend of mine at the hackerspace was super excited to finally have easy file encryption with TPM sealed keys, all without having to rely on gnupg. “This is great!” he said. “I wish I could have my SSH keys sealed in a TPM just as easily”.
Apple fixes vulnerabilities in iOS and iPadOS., (Wed, Oct 4th)
Apple today released iOS/iPadOS 17.0.3. These updates fix two vulnerabilities. A WebRTC vulnerability that could be used to execute arbitrary code, establishing initial access to the device, and a Kernel vulnerability used to elevate privileges. The privilege escalation vulnerability has been exploited against older versions of iOS.
Atlassian Ships Urgent Patch for Exploited Confluence Zero-Day
Atlassian confirms that “a handful of customers” were hit by exploits targeting a remotely exploitable flaw in its Confluence Data Center and Server products.
New Supermicro BMC Vulnerabilities Could Expose Many Servers to Remote Attacks
Supermicro has released BMC IPMI firmware updates to address multiple vulnerabilities impacting select motherboard models.
Hundreds Download Malicious NPM Package Capable of Delivering Rootkit [Ed: Rootkit traced back to Microsoft sending to people malicious software. Somehow the media always omits Microsoft's role in this.]
Threat actor uses typosquatting to trick hundreds of users into downloading a malicious NPM package that delivers the r77 rootkit.
S Korean spy agency warns shipbuilders of N Korean hacking attempts
The moves came after Kim Jong Un’s order to build medium and large warships, said intelligence service.