Security Leftovers
Extended security support for Qubes OS 4.1 has ended
As previously announced, extended security support for Qubes OS 4.1 has ended as of yesterday, 2024-07-31. Qubes 4.1 will no longer receive updates of any kind, including security updates. We strongly recommend that any remaining Qubes 4.1 users upgrade to Qubes 4.2 immediately.
LWN ☛ Security updates for Thursday
Security updates have been issued by Debian (chromium), Fedora (kernel, obs-cef, and xen), Mageia (emacs), Oracle (freeradius, freeradius:3.0, and kernel), Red Hat (emacs, httpd, and kpatch-patch-4_18_0-305_120_1), Slackware (curl), SUSE (apache2, cockpit-wicked, glibc, gnutls, gvfs, less, nghttp2, opensc, python-idna, python-requests, qemu, rpm, tpm2-0-tss, tpm2.0-tools, and unbound), and Ubuntu (clickhouse, exim4, libcommons-collections3-java, linux, linux-aws, linux-kvm, linux-lts-xenial, mysql-8.0, openssl, php-cas, prometheus-alertmanager, and snapd).
Security Week ☛ BingoMod Android RAT Wipes Devices After Stealing Money
The BingoMod Android trojan steals user information and communication and allows attackers to steal money via account takeover.
SANS ☛ Tracking Proxy Scans with IPv4.Games, (Thu, Aug 1st)
Today, I saw a proxy scan that was a little bit different:
Security Week ☛ City of Columbus Says Data Compromised in Ransomware Attack
The City of Columbus is investigating the scope of a data breach resulting from a thwarted ransomware attack.
Security Week ☛ Vulnerabilities Enable Attackers to Spoof Emails From 20 Million Domains
Vulnerabilities in hosted email services allow attackers to spoof the identity of senders, bypassing security measures.
Federal News Network ☛ New Senate bill would create cybersecurity apprenticeship program
Lawmakers say more talent is needed to fill an estimated half a million open cybersecurity jobs nationwide.
Security Week ☛ Chrome 127 Improves Cookie Protection on Windows
Google has improved the security of cookies in Chrome on backdoored Windows and rolled out a Chrome 127 update to address critical- and high-severity vulnerabilities.
Diffoscope ☛ Reproducible Builds (diffoscope): diffoscope 273 released
The diffoscope maintainers are pleased to announce the release of diffoscope version
273. This version includes the following changes: [...]