Security Leftovers
LWN ☛ Security updates for Thursday
Security updates have been issued by Fedora (curl, filezilla, flatpak, kubernetes, libfilezilla, thunderbird, and xen), Oracle (go-toolset:ol8, kernel, libreswan, shim, and tigervnc), Red Hat (buildah, gnutls, libreswan, tigervnc, and unbound), SUSE (cockpit-wicked, nrpe, and python-idna), and Ubuntu (dnsmasq, freerdp2, linux-azure-6.5, and thunderbird).
Federal News Network ☛ CISA ups the SBOM game [Ed: Microsoft agenda inside CISA]
Everyone knows that software bills of material (SBOMs) are crucial to cybersecurity. But deciphering these documents has been a challenge for many agencies.
Security Week ☛ Palo Alto Networks Shares Remediation Advice for Hacked Firewalls
Palo Alto Networks has shared remediation instructions for organizations whose firewalls have been hacked via CVE-2024-3400.
Security Week ☛ Autodesk Drive Abused in Phishing Attacks
A new phishing campaign abuses compromised email accounts and targets corporate users with PDF files hosted on Autodesk Drive.
Security Week ☛ FTC Sending $5.6 Million in Refunds to Ring Customers Over Security Failures
The FTC is sending a total of $5.6 million in refunds to over 117,000 Ring customers as a result of a 2023 settlement.
Security Week ☛ Vulnerabilities Expose Brocade SAN Appliances, Switches to Hacking
The Brocade SANnav management application is affected by multiple vulnerabilities, including a publicly available root password.
SequoiaPGP ☛ Sequoia PGP, Community Outreach
Since September 2023, nearly all paid work on Sequoia has been financed by the Sovereign Tech Fund (STF). The technical focus of the award is on the maintenance and development of sq, our command-line front-end, and sequoia-openpgp, our core library. But the scope is not limited to development work: STF is also supporting our standardization work, and community outreach.