Security Leftovers
-
APNIC ☛ [Podcast] Post-Quantum Cryptography
Geoff Huston discusses Post-Quantum Cryptography in Internet protocols and the DNS in particular.
-
OpenSSF (Linux Foundation) ☛ Understanding the CRA: OpenSSF’s Role in the Cyber Resilience Act Implementation – Part 2 [Ed: Voice of GAFAM]
In Part 1, we provided a general overview of the CRA and highlighted OpenSSF’s current activities related to its implementation. In Part 2, we’ll take a closer look at the three-year implementation timeline and what lies ahead.
-
Pen Test Partners ☛ How easily access cards can be cloned and why your PACS might be vulnerable
-
Bleeping Computer ☛ Microsoft December 2024 Patch Tuesday fixes 1 exploited zero-day, 71 flaws
Today is Microsoft’s December 2024 Patch Tuesday, which includes security updates for 71 flaws, including one actively exploited zero-day vulnerability. This Patch Tuesday fixed sixteen critical vulnerabilities, all of which are remote code execution flaws.
-
CBS ☛ Microsoft 365 suffers outage Tuesday morning
Microsoft 365 users groused over an outage Tuesday that left them unable to use a number of applications. According to Downdetector, user complaints began spiking early Tuesday morning. Most users reported issues with the email application Outlook, according to the website status tracker. Users also reported having issues with Microsoft 365’s website and OneDrive, its cloud storage solution.
-
SANS ☛ Vulnerability Symbiosis: vSphere's CVE-2024-38812 and CVE-2024-38813
[This is a Guest Diary by Jean-Luc Hurier, an ISC intern as part of the SANS.edu BACS program]
-
SANS ☛ Apple Updates Everything (iOS, iPadOS, macOS, watchOS, tvOS, visionOS), (Wed, Dec 11th)
Apple today released patches for all of its operating systems. The updates address 46 different vulnerabilities. Many of the vulnerabilities affect more than one operating system. None of the vulnerabilities are labeled as being already exploited.
-
Science Alert ☛ Google's New Chip Could Crack One of Quantum Computing's Biggest Problems
A huge step forward.
-
Citizen Lab ☛ Legal barriers to justice: John Scott-Railton on the legal challenges faced by spyware victims
In order to pursue justice against spyware manufacturers such as the NSO Group and the governments that use this technology, victims must overcome significant legal challenges. Speaking with CyberScoop, John Scott-Railton, senior researcher at The Citizen Lab, discusses the challenges surrounding litigation, U.S. laws, and jurisdictional issues for victims seeking remedies.
-
LWN ☛ Security updates for Wednesday
Security updates have been issued by Debian (proftpd-dfsg and smarty3), Fedora (python3.14), Gentoo (Distrobox, eza, idna, libvirt, and OpenSC), Red Hat (container-tools:rhel8 and edk2), SUSE (avahi, curl, libsoup2, lxd, nodejs20, python-Django, python310-Django4, python312, squid, and webkit2gtk3), and Ubuntu (expat, intel-microcode, linux, linux-aws, linux-kvm, linux-lts-xenial, and shiro).
-
Container Adoption Comes with Risks for Software Supply Chain
Multiple critical vulnerabilities and risks have been found lurking within some of the most commonly downloaded Docker Hub container images.