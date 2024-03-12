Security Leftovers
Security updates for Monday
Security updates have been issued by Debian (libuv1, nss, squid, tar, tiff, and wordpress), Fedora (chromium, exercism, grub2, qpdf, and wpa_supplicant), Oracle (edk2 and opencryptoki), and SUSE (cpio, openssl-1_0_0, openssl-1_1, openssl-3, sudo, tomcat, and xen).
Security Week ☛ Magnet Goblin Delivers GNU/Linux Malware Using One-Day Vulnerabilities
The financially motivated threat actor Magnet Goblin is targeting one-day vulnerabilities to deploy Nerbian malware on GNU/Linux systems.
OpenSSF (Linux Foundation) ☛ Participate in Our Survey on Secure Software Development Education!
Calling all cybersecurity enthusiasts! We are reaching out to you on behalf of 'Linux' Foundation Research and the Open Source Security Foundation to invite you to participate in a significant survey aimed at enhancing secure software development education. Your insights will provide valuable guidance in shaping the future of security education for software stakeholders.
MIT Technology Review ☛ VR headsets can be hacked with an Inception-style attack
Federal News Network ☛ Biden budget request includes $13B for cybersecurity, continuing upward trend
CISA would get $3 billion under the Biden admin's budget request, including funding to implement new cyber incident reporting rules.
Scoop News Group ☛ Biden’s budget proposal seeks funding boost for cybersecurity
The president's budget is unlikely to be passed but offers insights on the administration's priorities ahead of this fall's election.
Security Week ☛ Possibly Exploited Fortinet Flaw Impacts Many Systems, but No Signs of Mass Attacks
150,000 systems possibly impacted by the recent Fortinet vulnerability CVE-2024-21762, but there is still no evidence of widespread exploitation.
Security Week ☛ Critical Vulnerability Allows Access to QNAP NAS Devices
Critical-severity vulnerability could allow network attackers to access QNAP NAS devices without authentication.
Federal News Network ☛ From one of the Energy Department Labs, a new approach to electric grid cybersecurity
Among the grand challenges for cybersecurity is how to make the nation's electrical grid safer. It's a big problem in a lot of ways.
Security Week ☛ Ultimate Member Plugin Flaw Exposes 100,000 WordPress Sites to Attacks
A high-severity XSS vulnerability in the Ultimate Member plugin allows attackers to inject scripts into WordPress sites.>