Security Leftovers
Date: 2024-07-30
LWN ☛ Security updates for Monday
Security updates have been issued by AlmaLinux (java-11-openjdk), Debian (bind9), Fedora (darkhttpd, mod_http2, and python-scrapy), Red Hat (python3.11, rhc-worker-script, and thunderbird), SUSE (assimp, gh, opera, python-Django, and python-nltk), and Ubuntu (edk2, linux, linux-aws, linux-gcp, linux-gke, linux-gkeop, linux-gkeop-5.15, linux-hwe-5.15, linux-intel-iotg, linux-intel-iotg-5.15, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux-oracle, linux-azure, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15, linux-nvidia-6.5, linux-oracle, linux-raspi, and lua5.4).
Make Tech Easier ☛ WireGuard vs OpenVPN: Which One Should You Use?
Looking for a VPN solution for your devices? Explore our comparison of WireGuard vs OpenVPN to determine which one fits your personal needs.
PKfail – Untrusted Platform Keys Undermine Secure Boot on UEFI Ecosystem
A significant vulnerability in the UEFI Secure Boot process, known as “PKfail,” has been uncovered by researchers at Binarly.
Linux to Introduce Blue Screen of Death-Like Crash Messages for Better Error Reporting [Ed: Microsoft EEE or Microsoft employees trying to turn Linux into Windows]
Linux is set to implement a feature reminiscent of Windows’ infamous Blue Screen of Death (BSOD) to enhance its error reporting system.
Tom's Hardware ☛ Multi-platform spyware provider Spytech gets hacked, revealing global scale of operations and swaths of unencrypted victim data
A Spytech breach disclosed to TechCrunch prompts an exposé.
Security Week ☛ Selenium Grid Instances Exploited for Cryptomining
Wiz has detailed SeleniumGreed, a campaign in which threat actors target exposed Selenium Grid instances for cryptomining.
Scoop News Group ☛ Bipartisan Senate bill would promote cybersecurity apprenticeship programs
The legislation aims to grow the cyber workforce under a Department of Labor-managed grants program for apprentices.
Scoop News Group ☛ Biden’s cybersecurity legacy: ‘a big shift’ to private sector responsibility
Over the course of his term, Joe Biden has presided over an ambitious agenda on regulation and more, to both praise and criticism.
Security Week ☛ 4.3 Million Impacted by HealthEquity Data Breach
HealthEquity says the personal and health information of 4.3 million individuals was compromised in a data breach.
Security Week ☛ Acronis Product Vulnerability Exploited in the Wild
Acronis warns of a critical-severity Acronis Cyber Infrastructure (ACI) vulnerability being exploited in attacks.
Security Week ☛ Millions of Websites Susceptible to XSS Attack via OAuth Implementation Flaw
Researchers discovered and published details of an XSS attack that could potentially impact millions of websites around the world. [...] This is not a product vulnerability that can be patched centrally. It is more an implementation issue between web code and a massively popular app: OAuth used for social logins. Most website developers believe the XSS scourge is a thing of the past, solved by a series of mitigations introduced over the years. Salt shows that this is not necessarily so.
Security Week ☛ Phishing Campaign Exploited Proofpoint Email Protections for Spoofing
Threat actors have exploited Proofpoint’s email protection service to deliver millions of spoofed phishing emails.
NYPost ☛ Delta seeks compensation after CrowdStrike outage caused thousands of flight cancelations
Analysts estimate that the impact from the cyber outage could be in the hundreds of millions.