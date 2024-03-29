Security Leftovers
Security updates for Thursday
Security updates have been issued by Fedora (perl-Data-UUID, python-pygments, and thunderbird), Mageia (clojure, grub2, kernel,kmod-xtables-addons,kmod-virtualbox, kernel-linus, nss firefox, nss, python3, python, tcpreplay, and thunderbird), Oracle (nodejs:18), Red Hat (.NET 6.0 and dnsmasq), SUSE (avahi and python39), and Ubuntu (curl, linux-intel-iotg, linux-intel-iotg-5.15, unixodbc, and util-linux).
MWL ☛ 39: I Carry A Grudge
This book won’t be in progress long. I hope. These block lists are distributed via DNS, and are called DNS Block Lists (DNSBL). (You’ll also see Reputation Block Lists, or RBLs, but that term is trademarked.) By refusing all mail from hosts on a reliable block list, you immediately stop the overwhelming majority of spam.
Bruce Schneier ☛ Hardware Vulnerability in Apple’s M-Series Chips
It’s yet another hardware side-channel attack:
The threat resides in the chips’ data memory-dependent prefetcher, a hardware optimization that predicts the memory addresses of data that running code is likely to access in the near future. By loading the contents into the CPU cache before it’s actually needed, the DMP, as the feature is abbreviated, reduces latency between the main memory and the CPU, a common bottleneck in modern computing.
Medevel ☛ RapidScan is An Outstanding Web Vulnerability Scanner for Pentesters
RapidScan is a free and open-source multi-tool web app vulnerability scanner, that allows pentesters, web developers and ethical hackers looks for bugs, and security issues in any web app.
Medevel ☛ Comprehensive Vulnerability Detection with Safety CLI
Safety CLI is a Python dependency vulnerability scanner that enhances software supply chain security. It detects packages with known vulnerabilities and malicious packages in various environments, providing clear remediation recommendations.
Security Week ☛ Malware Upload Attack Hits PyPI Repository
Maintainers of the Python Package Index (PyPI) repository were forced to suspend new project creation and new user registration to mitigate a malware upload campaign.
Security Week ☛ Cyberespionage Campaign Targets Government, Energy Entities in India
Threat intelligence firm EclecticIQ documents the delivery of malware phishing lures to government and private energy organizations in India.