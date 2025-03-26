news
Security and Windows TCO
-
LWN ☛ Security updates for Tuesday
Security updates have been issued by Debian (ruby-rack), Fedora (chromium, golang-github-openprinting-ipp-usb, OpenIPMI, and python-jinja2), Mageia (kernel, kernel-linus, and wpa_supplicant, hostapd), Red Hat (fence-agents, kernel, kernel-rt, libxml2, libxslt, and pcs), SUSE (cadvisor, docker, freetype2, nodejs-electron, php8, rsync, u-boot, warewulf4, webkit2gtk3, and zvbi), and Ubuntu (elfutils, python3.5, python3.8, ruby-rack, smartdns, and zvbi).
-
OpenSSF (Linux Foundation) ☛ OpenSSF Newsletter – March 2025 [Ed: It is not about "the Open Source Security community" but proprietary software vendors that put back doors in things]
Welcome to the March 2025 edition of the OpenSSF Newsletter! Here’s a roundup of the latest developments, key events, and upcoming opportunities in the Open Source Security community.
-
OpenSSF (Linux Foundation) ☛ What’s in the SOSS? Podcast #25 – S2E02 Empowering Security: Yesenia Yser on Open Source, AI, and Personal Branding
-
Security Week ☛ Google Patches Chrome Sandbox Escape Zero-Day Caught by Kaspersky
The vulnerability, tracked as CVE-2025-2783, was chained with a second exploit for remote code execution in attacks targeting organizations in Russia.
-
Open Source For U ☛ 5 Network Security Threats (And How To Combat Them)
New cyber attack techniques and scary headlines with companies being hacked emerge almost daily, putting IT teams in constant reactive mode.
-
Security Week ☛ Vulnerability Exploitation Possibly Behind Widespread DrayTek Router Reboots
DrayTek routers around the world are rebooting and the vendor’s statement suggests that it may involve the exploitation of a vulnerability.
-
The Straits Times ☛ KLIA operations not affected after Malaysian airport hit by cyber attack
PM Anwar said funds will be allocated to beef up Malaysia's cyber-security systems.
-
SANS ☛ X-Wiki Search Vulnerability exploit attempts (CVE-2024-3721), (Tue, Mar 25th)
Creating a secure Wiki is hard. The purpose of a wiki is to allow "random" users to edit web pages. A good Wiki provides users with great flexibility, but with great flexibility comes an even "greater" attack surface. File uploads and markup (or markdown) are all well-known security issues affecting various Wikis in the past.
-
Federal News Network ☛ Striking the balance between information sharing and security
That balancing act requires a complex response, especially when designing networks and systems for collaboration.
-
Security Week ☛ Numotion Data Breach Impacts Nearly 500,000 People
Email-related data breach suffered by wheelchair and other mobility equipment provider Numotion affects almost 500,000 individuals.
-
Security Week ☛ Chinese APT Weaver Ant Targeting Telecom Providers in Asia
Weaver Ant, a cyberespionage-focused APT operating out of China, is targeting telecom providers for persistent access.
-
SANS ☛ Leveraging CNNs and Entropy-Based Feature Selection to Identify Potential Malware Artifacts of Interest, (Wed, Mar 26th)
-
Windows TCO / Windows Bot Nets
-
Security Week ☛ VMware Patches Authentication Bypass Flaw in backdoored Windows Tools Suite
The authentication bypass vulnerability, tagged as CVE-2025-22230, carries a CVSS severity score of 7.8/10.
-
Mozilla ☛ Hacks.Mozilla.Org: Improving Firefox Stability in the Enterprise by Reducing DLL Injection [Ed: If people use Windows, that's a problem for stability already]
Beginning in version 138, Firefox will offer an alternative to DLL injection for Data Loss Prevention (DLP) deployments in enterprise environments.
-