Security Leftovers
SANS ☛ D-Link NAS Device Backdoor Abused, (Mon, Apr 29th)
The vulnerability allows access to the device using the user "messagebus" without credentials.
LinuxSecurity ☛ Ubuntu 24.04 Security Enhancements Analyzed [Updated]
The release of Ubuntu 24.04 LTS , also known as Noble Numbat, brings various security enhancements and exciting new features . These improvements include unprivileged user namespace restrictions, binary hardening, AppArmor 4 , disabling old TLS versions, and upstream kernel security features.
Security Week ☛ Kaiser Permanente Data Breach Impacts 13.4 Million Patients
US healthcare giant is warning millions of current and former patients that their personal information was exposed to third-party advertisers.
LWN ☛ Security updates for Monday
Security updates have been issued by AlmaLinux (buildah, go-toolset:rhel8, golang, java-11-openjdk, java-21-openjdk, libreswan, thunderbird, and tigervnc), Debian (chromium, emacs, frr, mediawiki, ruby-rack, trafficserver, and zabbix), Fedora (chromium, grub2, python-idna, and python-reportlab), Mageia (chromium-browser-stable, firefox, opencryptoki, and thunderbird), Red Hat (container-tools:4.0, container-tools:rhel8, git-lfs, and shim), SUSE (frr, java-11-openjdk, java-1_8_0-openjdk, kernel, pdns-recursor, and shim), and Ubuntu (apache2, cpio, curl, glibc, gnutls28, less, libvirt, and pillow).
Security Week ☛ Honeywell: USB Malware Attacks on Industrial Orgs Becoming More Sophisticated
An analysis conducted by Honeywell shows that much of the USB-borne malware targeting industrial organizations can still cause OT disruption.
Security Week ☛ Okta Warns of Credential Stuffing Attacks Using Tor, Residential Proxies
Okta warned of a spike in credential stuffing attacks using anonymizing services such as Tor, DataImpulse, Luminati, and NSocks.
Security Week ☛ Collection Agency FBCS Says Data Breach Exposed Nearly 2 million People
Financial Business and Consumer Solutions (FBCS) says compromised information may include names, dates of birth, Social Security numbers, and account information.