LWN ☛ Security updates for Friday
Security updates have been issued by Debian (chromium), Fedora (rust, trafficserver, and upx), Mageia (postgresql-jdbc and x11-server, x11-server-xwayland, tigervnc), Red Hat (bind, bind9.16, gnutls, httpd:2.4, squid, unbound, and xorg-x11-server), SUSE (perl-Net-CIDR-Lite), and Ubuntu (apache2, maven-shared-utils, and nss).
Pen Test Partners ☛ Can ships be hacked?
Silicon Angle ☛ Palo Alto Networks discloses critical vulnerability in its firewall operating system
Palo Alto Networks Inc. today disclosed a vulnerability in its Pan-OS firewall operating system that is being actively targeted by hackers. The exploit, which is tracked as CVE-2024-3400, has received the highest possible score in the CVSS threat severity evaluation system. It’s believed tens of thousands of firewalls could be affected worldwide.
LWN ☛ What we need to take away from the XZ Backdoor (openSUSE News)
Dirk Mueller has posted a
lengthy analysis of the XZ backdoor on the openSUSE News site, with a
focus on openSUSE's response.
Security Week ☛ RubyCarp: Insights Into the Longevity of a Romanian Cybercriminal Gang
Operational for at least ten years, RubyCarp has its own botnet, its own tools, and its own community of users that concentrate on cryptomining and credential phishing.
OpenSSF (Linux Foundation) ☛ Sessions You Won’t Want to Miss at SOSS Community Day NA and Open Source Summit North America 2024
Get ready for the Secure Open Source Software (SOSS) Community Day NA and Open Source Summit North America 2024, next week in Seattle, Washington! These events are where open source communities converge to collaborate, drive innovation, and foster a vibrant open source ecosystem.
LinuxSecurity ☛ Rust-Based Edera: Locking Down Container Security Once and For All
The Rust-based Edera project demonstrates a unique approach to container security that addresses cloud-native computing challenges. Let's examine this new, innovative approach to container security, which could be a game-changer in the industry!
Silicon Angle ☛ CISA issues urgent directives on attacks of Abusive Monopolist Microsoft and Sisense accounts
The U.S. Cybersecurity and Infrastructure Agency today issued an emergency directive mandating that all federal agencies take steps to guard against attacks from a Russian hacking group using compromised Abusive Monopolist Microsoft Corp. accounts. The emergency directive came after CISA revealed earlier today that it was investigating a data breach at business intelligence company Sisence Ltd.
