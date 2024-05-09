Security and Windows TCO Leftovers
LWN ☛ Security updates for Tuesday
Security updates have been issued by Debian (kernel), Gentoo (libjpeg-turbo, xar, and Xpdf), Red Hat (bind, dhcp and glibc), and SUSE (bouncycastle, curl, flatpak, less, and xen).
IT Jungle ☛ April Showers Bring May I.C.B.M. i Security Vulnerabilities
IBM has patched more than a dozen security flaws in I.C.B.M. i and related products this spring, including serious flaws in the operating system proper and the compilers, and a critical vulnerability in Administrative Runtime Expert that landed a nearly perfect CVSS Base score.
Thomas Lange: Removing tens of thousands of web pages
In January I've removed tens of thousands of web pages on www.debian.org. Have you noticed it?
In the past
From 1997 onwards, we had web pages for security announcements. We had to manually prepare a .data and a .wml file which then generated a web page for each security announcement (DSA or DLA). We have listed the 6 most recent messages in a short list that was created from these files. Most of the work that went into the Debian web pages was creating these files.
Scoop News Group ☛ ONCD report: ‘Fundamental transformation’ in cyber, tech drove 2023 risks
Evolving critical infrastructure risks, ransomware, supply chain exploitation, commercial spyware and Hey Hi (AI) were the top trends, the office reported.
New York Times ☛ U.K. Armed Forces’ Data Is Exposed in Hostile Cyberattack
A payroll system used by Britain’s Ministry of Defense was targeted in a cyberattack that some lawmakers alleged was orchestrated by China.
JURIST ☛ UK Armed Forces network breached in alleged China cyber attack
UK Secretary of State for Defence Grant Shapps confirmed Tuesday that a cybersecurity incident had taken place involving the UK Armed Forces payment network, in an oral statement before the House of Commons.
Security Week ☛ The UK Says a Huge Payroll Data Breach by a ‘Malign Actor’ Has Exposed Details of Military Personnel
The UK Ministry of Defense said a breach at a third-party payroll system exposed as many as 272,000 armed forces personnel and veterans.
LWN ☛ Security patterns and anti-patterns in embedded development
When it comes to security, telling developers to do (or not do) something can be ineffective. Helping them understand the why behind instructions, by illustrating good and bad practices using stories, can be much more effective. With several such stories Marta Rybczyńska fashioned an interesting talk about patterns and anti-patterns in embedded Linux security at the Embedded Open Source Summit (EOSS), co-located with Open Source Summit North America (OSSNA), on April 16 in Seattle, Washington.
Multiple nghttp2 Vulnerabilities Fixed in Ubuntu
Recently, the Ubuntu security team addressed several vulnerabilities in nghttp2, a crucial HTTP/2 C Library and tool, across various Ubuntu releases. In this article, we will explore these vulnerabilities and understand their potential impacts on the system.
Windows TCO
Krebs On Security ☛ U.S. Charges Russian Man as Boss of LockBit Ransomware Group
The United States joined the United Kingdom and Australia today in sanctioning 31-year-old Russian national Dmitry Yuryevich Khoroshev as the alleged leader of the infamous ransomware group LockBit. The U.S. Department of Justice also indicted Khoroshev as the gang's leader "LockbitSupp," and charged him with using Lockbit to attack more than 2,000 victims and extort at least $100 million in ransomware payments.
Silicon Angle ☛ Alleged LockBit admin and lead developer named and targeted by US, UK and Australian authorities
Authorities in the U.K., U.S., and Australia today revealed new sanctions against the infamous Russian hacking gang LockBit and named a Russian man believed to be the group’s administration and lead developer. The man alleged to lead LockBit is Russian national Dmitry Khoroshev.
Scoop News Group ☛ US, UK authorities unmask Russian national as LockBit administrator
Dmitry Yuryevich Khoroshev is the driving force behind one of the most virulent ransomware syndicates in recent years, authorities said.
IT Wire ☛ LockBit ransomware gang leader named, US offers US$10m reward
Three days after holding out the lure of releasing new details about the LockBit ransomware gang, a team of American, British and European cyber specialists have unmasked the alleged administrator and developer of the gang: Russian citizen Dmitry Yuryevich Khoroshev.
Security Week ☛ LockBit Ransomware Mastermind Unmasked, Charged
Charges and sanctions announced against Dimitry Yuryevich Khoroshev, the alleged developer and operator of LockBit ransomware.
