news

Security Leftovers

posted by Roy Schestowitz on Apr 02, 2024

Security updates for Monday

Security updates have been issued by Arch Linux (xz), Debian (libvirt, mediawiki, util-linux, and xz-utils), Fedora (apache-commons-configuration, cockpit, ghc-base64, ghc-hakyll, ghc-isocline, ghc-toml-parser, gitit, gnutls, pandoc, pandoc-cli, patat, podman-tui, prometheus-podman-exporter, seamonkey, suricata, and xen), Gentoo (XZ utils), Mageia (aide & mhash, emacs, microcode, opensc, and squid), Red Hat (ruby:3.1), and SUSE (kanidm and qpid-proton).
The Kent Stater ☛ Exclusive: Hackers stole Russian prisoner database to avenge death of Navalny

Within hours of opposition leader Alexey Navalny’s death in February in a Russian prison, a group of anti-Kremlin hackers went looking for revenge. Using their access to a computer network tied to Russia’s prison system, the hackers plastered a photo of Navalny on the hacked prison contractor’s website [...]
RFERL ☛ Report: Anti-Kremlin Hackers Stole Russian Prisoner Database To Avenge Navalny

Hackers claim to have broken into the Russian prisoner database and displayed pictures of anti-Kremlin activist Aleksei Navalny while also stealing information on hundreds of thousands of Russian prisoners and their relatives, CNN reported on April 1.
Open Source Security (Audio Show) ☛ Episode 422 – Do you have a security.txt file?

Josh and Kurt talk about the security.txt file. It’s not new, but it’s not something we’ve discussed before. It’s a great idea, an easy format, and well defined. It’s not high on many of our todo lists, but it’s something worth doing.
Security Week ☛ ‘WallEscape’ GNU/Linux Vulnerability Leaks User Passwords

A vulnerability in util-linux, a core utilities package in GNU/Linux systems, allows attackers to leak user passwords and modify the clipboard.
Neowin ☛ Microsoft has a preview of its Offline Security Intelligence Update for GNU/Linux endpoints [Ed: Microsoft puts back doors in thing; the last thing anyone needs to turn to Microsoft for is security]

Microsoft has announced it has launched a public preview of its new Offline Security Intelligence Update.
Federal News Network ☛ HHS looks to create ‘one-stop shop’ for healthcare cybersecurity [Ed: So they will need to dump Microsoft for good]

The Department of Health and Human Services is aiming to better organize its healthcare cybersecurity resources and programs.
APNIC ☛ Smargaft harnesses EtherHiding for stealthy C2 hosting

Guest Post: New botnet uses the Binance Smart Chain to host command and control servers and infect shell scripts like a virus to achieve persistence.
Security Week ☛ ‘Vultur’ Android Malware Gets Extensive Device Interaction Capabilities

NCC Group researchers warn that the Android banking malware ‘Vultur’ has been updated with device interaction and file tampering capabilities.
The Register UK ☛ OWASP discloses breach due to a Wiki web server misconfig • The Register

Other Recent Tux Machines' Posts

Focusing on Free Software, Political Sites Will Do Politics [original]: We'll try to keep this site politics-free and focus on Free software
LWN Articles on Graphics, OSI's Openwashing, and Rust: outside the paywall as of hours ago
Peropesis 2.8: OpenSSH: Peropesis 2.8 is released
Linux Lite 7.2 Released with Lite Theme Manager, Based on Ubuntu 24.04 LTS: Linux Lite creator Jerry Bezencon announced today the release and general availability of Linux Lite 7.2 as the latest stable version of this Ubuntu-based distribution using the lightweight Xfce desktop environment.
The Bitcoin Mailing List and its history is erased from Linux: Swathes of Bitcoin’s history have been erased from the internet forum that hosted communications between developers for nearly a decade
LXQt 2.1 Desktop Environment Released with Initial Wayland Support: The development team behind the lightweight LXQt desktop environment written in Qt announced today the release and general availability of LXQt 2.1 as a major update bringing exciting new features.
Mass Layoffs at Mozilla Again: 30% of staff
KDE Plasma 6.2.3 Brings Better Support for HDR Displays, Various Bug Fixes: The KDE Project released today KDE Plasma 6.2.3 as the third maintenance update to the latest KDE Plasma 6.2 desktop environment series with more bug fixes and various improvements.
Manjaro Considers Embedding a Telemetry Tool: Manjaro’s new MDD telemetry tool will collect user data for better metrics, yet automatic sharing concerns users
today's leftovers: GNU/Linux, howtos, security
Programming: Ruby 3.3.6 Released, Perl, and More: Programming related picks
Today in Techrights: Some of the latest articles
Audiocasts/Shows/Videos About GNU/Linux: Some from days ago
LWN Articles About Linux Kernel: Now outside the paywall
Linuxfx 11.24.04: new version of the operating system based on Kubuntu 24.04.1 LTS
Parted Magic 2024.11.03: This version of Parted Magic updates the kernel to linux-6.11 and adds/updates various program
NethSecurity project milestone 8.3: We are excited to announce the release of NethSecurity project milestone 8.3
Release of Pisi GNU/Linux 2.4: Inspired by the rare flowers of Anatolia, Pisi GNU/Linux delivers the 2.4 version 'Karagül' to its users
GIMP 3.0 Release Candidate Is Now Available for Public Testing: The development team behind the popular GIMP open-source image editing software announced today the general availability of the Release Candidate (RC) milestone of the highly anticipated GIMP 3.0 release.
BackBox Linux 9 released!: The BackBox Team is happy to announce the updated release of BackBox Linux
Br OS 24.10: Brazilian Linux distribution based on Ubuntu
4MLinux 46.1 STABLE released.: This is a minor (point) release in the 4MLinux STABLE channel
Release of Dr.Parted 24.11: This release is based on the Debian testing repository (2024/November/01).
Open Hardware/Modding: Robot, Arduino, Raspberry Pi, and More: Some hardware picks
Security Leftovers: Security stories
Windows Gets Infected, Media Blames "Linux": Fear, Uncertainty, Doubt/Fear-mongering/Dramatisation
Events: Capitole du Libre, Free Software Directory, and All Thing Open: 3 events in the blogs today
7 Reasons Why NU/Linux Is the Best Tool For Programming: Explore why GNU/Linux is the top choice for developers and programmers
today's leftovers: FOSS and more for now
ScummVM and Games; PicoROM, A DIP-32 8-Bit ROM Emulator: Gaming centric news
Security Leftovers: Security picks
Free Applications and Free Software: FOSS picks
Programming Leftovers: many picks for today
today's howtos: many howtos for now
HowTos, Red Hat, and FSF: today's leftovers
Open Hardware, Raspberry Pi, and Retro: Mostly Raspberry Pi
Windows TCO Leftovers: The true cost of Microsoft reliance
Android Leftovers: The best PSP emulator on Android just got even better
Tor and Tails Team Up for Better Online Privacy Protections: The merger of two popular open-source communities could sharpen the focus on bolstering online privacy and web-surfing anonymity
GIMP 3.0 Release Candidate Arrives with Major Features in Tow: If it feels like the next major release of open source image editor The GIMP has been in the works forever
Best Free and Open Source Software: Only free and open source software is included
Games: Stardew Valley 1.6.9, SuperTuxKart 1.5, and More: Latest from GamingOnLinux
What’s new for Fedora Atomic Desktops in Fedora 41: So let’s see what arrives with the new releases for the Fedora Atomic Desktops variants (Silverblue, Kinoite, Sway Atomic and Budgie Atomic)
Today in Techrights: Some of the latest articles
Gnome OS is Changing: "I would like to turn GNOME OS, GNOME’s home-grown distro for testing and development of the GNOME Desktop, into a daily-drivable general purpose OS."
today's leftovers: BSD, software, and servers
Free Software, Events, and the Web: Some FOSS centric links
Security and Patches: incidents and updates
Audiocasts/Shows: Destination Linux and LINUX Unplugged: 2 new episodes
Fedora / Red Hat / IBM Leftovers: The RHEL and OpenShift universe
Programming Leftovers: Programming picks for now
Devices, Embedded, and Single-Board Computers: Open hardware mostly
Canonical/Ubuntu: Ubuntu Weekly Newsletter, OEM Event, and Virtual ECUs: Canonical/Ubuntu leftovers
today's howtos: many howtos for the whole day
EA removes Apex Legends from Steam Deck: 8 stories
New Steam Client Update Improves Native Linux Gaming and Fixes Many Bugs: Valve released today a new stable Steam Client update for all supported platforms to fix a bunch of bugs and also improve native Linux gaming.
I Installed Gentoo So You Don't Havtoo: it’s no longer that much harder to run than either of these popular distributions
Open Hardware: Arduino, Raspberry Pi, and More: Hardware related picks
Security and Windows TCO: mostly Windows TCO
Android Leftovers: Xiaomi 14 gets Android 15 stable update
Linux Mint Is Getting a Night Light Feature in Cinnamon, Framework Laptop Support: Linux Mint distribution is getting a Night Light feature for the Cinnamon desktop environment and support for Framework laptops.
Kernel: No Russians, Performance Gains, and VMware Workstation to Switch to KVM: Some kernel level stuff
Best Free and Open Source Software: This is free and open source software
Fedora Linux Flatpak cool apps to try for November: This article introduces projects available in Flathub with installation instructions
Games: SteamOS, Gifts for 'Reviews', and More: 8 new articles from GamingOnLinux
This week in Plasma: moved to KDE infrastructure!: Surprise! This blog post series has now been moved to blogs.kde.org so it’s now open for others to participate and contribute
Raspberry Pi OS Now Enables Wayland by Default on All Raspberry Pi Models: The Debian-based Raspberry Pi OS distribution for Raspberry Pi single-board computers has been updated today with some exciting new features, updated components, bug fixes, and other changes.
Today in Techrights: Some of the latest articles

Tux Machines

Other Sites

news

Security Leftovers

Security updates for Monday

The Kent Stater ☛ Exclusive: Hackers stole Russian prisoner database to avenge death of Navalny

RFERL ☛ Report: Anti-Kremlin Hackers Stole Russian Prisoner Database To Avenge Navalny

Open Source Security (Audio Show) ☛ Episode 422 – Do you have a security.txt file?

Security Week ☛ ‘WallEscape’ GNU/Linux Vulnerability Leaks User Passwords

Neowin ☛ Microsoft has a preview of its Offline Security Intelligence Update for GNU/Linux endpoints [Ed: Microsoft puts back doors in thing; the last thing anyone needs to turn to Microsoft for is security]

Federal News Network ☛ HHS looks to create ‘one-stop shop’ for healthcare cybersecurity [Ed: So they will need to dump Microsoft for good]

APNIC ☛ Smargaft harnesses EtherHiding for stealthy C2 hosting

Security Week ☛ ‘Vultur’ Android Malware Gets Extensive Device Interaction Capabilities

The Register UK ☛ OWASP discloses breach due to a Wiki web server misconfig • The Register

Other Recent Tux Machines' Posts