Security Leftovers
-
LWN ☛ Security updates for Tuesday
Security updates have been issued by Debian (libreoffice), Gentoo (containerd and firefox), Red Hat (httpd), SUSE (ca-certificates-mozilla, ksh, openssl-3-livepatches, podman, python-Twisted, and skopeo), and Ubuntu (imagemagick).
-
RFA ☛ South Korea warns against North’s cracking of construction data
North Korea believed to be seeking data to support a development plan launched in January.
-
Security Week ☛ Google Patches Android Zero-Day Exploited in Targeted Attacks
Google has patched CVE-2024-36971, a high-severity kernel zero-day vulnerability in Android that has been exploited in targeted attacks.
-
Security Week ☛ CrowdStrike Releases Root Cause Analysis of Falcon Sensor BSOD Crash
CrowdStrike says the Falcon sensor crash that blue-screened backdoored Windows machines was caused by a "confluence" of vulnerabilities and testing gaps.
-
Security Week ☛ CrowdStrike and Delta Fight Over Who’s to Blame for the Airline Canceling Thousands of Flights
CrowdStrike and Delta are fighting over who is to blame for the airline canceling thousands of flights following the massive outage.
-
Bruce Schneier ☛ On the Cyber Safety Review Board
When an airplane crashes, impartial investigatory bodies leap into action, empowered by law to unearth what happened and why. But there is no such empowered and impartial body to investigate CrowdStrike’s faulty update that recently unfolded, ensnarling banks, airlines, and emergency services to the tune of billions of dollars. We need one. To be sure, there is the White House’s Cyber Safety Review Board.