Date: 2023-10-14
Security Leftovers
AMD Squashes Bug That Impacted Zen 4 Security Features in Linux
Phoronix reports that a new bug fix was introduced to Linux kernel 6.6 that rectifies an issue where instruction errors could occur in Linux when running STIBP off on Zen 4 CPUs.
Got a pkg vuln you can’t get rid of?
I’ve been working on this for a while.
Slackware: Chromium 118 (also ungoogled) is a security update
I uploaded new 64bit packages for Chromium 118.0.5993.70 (also the un-googled variant) for which the sources were released a few days ago.
Security updates for Friday
Security updates have been issued by Debian (chromium, tomcat9, and webkit2gtk), Fedora (cacti, cacti-spine, grafana-pcp, libcue, mbedtls, samba, and vim), Oracle (kernel, libvpx, and thunderbird), Red Hat (bind and galera, mariadb), SUSE (exiv2, go1.20, go1.21, and kernel), and Ubuntu (ffmpeg).
2023-10-11 [Older] Fortinet Releases Security Updates for Multiple Products
2023-10-10 [Older] Citrix Releases Security Updates for Multiple Products
2023-10-10 [Older] Microsoft Releases October 2023 Security Updates
2023-10-09 [Older] Independently Confirming Amnesty Security Lab’s finding of Predator targeting of U.S. & other elected officials on Twitter/X
2023-10-10 [Older] The SEC is said to be investigating a Twitter security flaw from the pre-Musk era
2023-10-12 [Older] CISA Releases New Resources Identifying Known Exploited Vulnerabilities and Misconfigurations Linked to Ransomware
2023-10-12 [Older] CISA Releases Nineteen Industrial Control Systems Advisories
2023-10-12 [Older] Siemens SCALANCE W1750D
2023-10-12 [Older] Siemens SICAM A8000 Devices
2023-10-12 [Older] Siemens Simcenter Amesim
2023-10-12 [Older] Siemens SICAM PAS/PQS
2023-10-12 [Older] Siemens SINEC NMS
2023-10-12 [Older] Siemens CPCI85 Firmware of SICAM A8000 Devices
2023-10-12 [Older] Siemens Mendix Forgot Password Module
2023-10-12 [Older] Weintek cMT3000 HMI Web CGI
2023-10-12 [Older] Hikvision Access Control and Intercom Products
2023-10-12 [Older] Schneider Electric IGSS
2023-10-11 [Older] FBI and CISA Release Update on AvosLocker Advisory
2023-10-10 [Older] CISA Adds Five Known Vulnerabilities to Catalog
2023-10-10 [Older] CISA, FBI, NSA, and Treasury Release Guidance on OSS in IT/ICS Environments
2023-10-10 [Older] CISA Releases One Industrial Control Systems Advisory
2023-10-10 [Older] HTTP/2 Rapid Reset Vulnerability, CVE-2023-44487
Mathematician warns NSA may be weakening next-gen encryption | New Scientist
Quantum computers may soon be able to crack encryption methods in use today, so plans are already under way to replace them with new, secure algorithms. Now it seems the US National Security Agency may be undermining that process...
Windows TCO
Colonial Pipeline was hacked. No, wait, Accenture was hacked. No, wait….. untangling claims.
By now, there’s been a lot of buzz about some claims made by RansomedVC on their leak site and on their Telegram channel.
In their post this afternoon, RansomedVC claimed that (1) Rob Lee of Dragos somehow cheated someone called “fooble,” and as a result, (2) RansomedVC was going to leak files that Lee had allegedly bought to try to woo Colonial Pipeline away from Accenture and to Dragos.
(Is your head spinning already? Sit down, because (3) will be even worse). On their Telegram channel, RansomedVC claimed that, “We have successfully taken control of the systems of colonial pipeline.”
So if you’re keeping score, Rob Lee, the CEO of Dragos, is allegedly a cheating threat actor, files were being leaked in revenge for him cheating “fooble,” and Colonial Pipeline’s systems are under RansomedVC’s control.
