Security Leftovers
LWN ☛ Security updates for Monday
Security updates have been issued by Debian (dcmtk, edk2, emacs, glibc, gunicorn, libmojolicious-perl, openssh, org-mode, pdns-recursor, tryton-client, and tryton-server), Fedora (freeipa, kitty, libreswan, mingw-gstreamer1, mingw-gstreamer1-plugins-bad-free, mingw-gstreamer1-plugins-base, mingw-gstreamer1-plugins-good, mingw-poppler, and mingw-python-urllib3), Gentoo (cpio, cryptography, GNU Emacs, Org Mode, GStreamer, GStreamer Plugins, Liferea, Pixman, SDL_ttf, SSSD, and Zsh), Oracle (pki-core), Red Hat (httpd:2.4, libreswan, and pki-core), SUSE (glib2 and kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-t), and Ubuntu (espeak-ng, libcdio, and openssh).
Silicon Angle ☛ SentinelLabs uncovers new CapraRAT spyware targeting Android users
A new report released today by SentinelLabs, the research arm of listed cybersecurity company SentinelOne Inc., warns of a resurgence of CapraRAT spyware targeting mobile gamers and weapons enthusiasts through malicious Android applications.
Scoop News Group ☛ Sanctioned and exposed, Predator spyware maker group has gone awfully quiet
Sanctions, newspaper investigations and reports exposing the Intellexa alliance’s infrastructure all might have led to its diminished state.
Security Week ☛ Google Offering $250,000 for Full VM Escape in New KVM Bug Bounty Program
Google has announced a new KVM bug bounty program named kvmCTF with rewards of up to $250,000 for a full VM escape.
TechRepublic ☛ CISA Report Finds Most Open-Source Projects Contain Memory-Unsafe Code [Ed: Is proprietary software exempted?]
Analysts found that 52% of open-source projects are written in memory-unsafe languages like C and C++.
Security Week ☛ HubSpot Warns of Ongoing Cyberattacks Targeting Customer Accounts
HubSpot is "actively investigating and blocking attempts” to hack into customer accounts but some targets have already been compromised.
Security Week ☛ Hacker Conversations: Chris Evans, Hacker and CISO
Chris Evans, CISO and chief hacking officer at HackerOne, challenges the common perception of both hackers and their motivation.
Security Week ☛ Landmark Admin Discloses Data Breach Impacting Personal, Medical Information
Life insurance company Landmark Admin says personal, medical, and insurance information was compromised in a May data breach.
Unicorn Media ☛ Poker & DEF CON: Bet Your Rights at EFF’s Benefit Poker Tournament on August 9 in Vegas
Cory Doctorow will be playing emcee, and writer and security expert Tarah Wheeler will be offering last minute down-and-dirty tips on how to play the game.