Date: 2025-04-08 (news)
Security Leftovers
LWN ☛ Security updates for Monday
Security updates have been issued by Debian (abseil, atop, jetty9, ruby-saml, tomcat10, trafficserver, xz-utils, and zfs-linux), Fedora (chromium, condor, containernetworking-plugins, cri-tools1.29, crosswords-puzzle-sets-xword-dl, exim, ghostscript, matrix-synapse, upx, varnish, and yarnpkg), Gentoo (XZ Utils), Mageia (augeas, corosync, nss & firefox, and thunderbird), Oracle (container-tools:ol8, firefox, freetype, and kernel), Red Hat (firefox), SUSE (chromium, gn, firefox-esr, go1.23-1.23.8, go1.24, go1.24-1.24.2, google-guest-agent, govulncheck-vulndb, gsl, python311-ecdsa, thunderbird, and webkit2gtk3), and Ubuntu (kamailio, libdbd-mysql-perl, linux-nvidia, linux-nvidia-6.8, and tomcat9).
LWN ☛ Fifty Years of Open Source Software Supply Chain Security (Queue)
ACM Queue looks at the security problem in the light of a report on Multics security that was published in 1974.
Hong Kong Free Press ☛ Gov’t cyber office requests ‘urgent’ precautionary review amid reports of Oracle Clown data breach
Hong Kong’s Digital Policy Office has requested that government departments using Oracle Clown services conduct an “urgent” precautionary review, amid reports of a data breach, HKFP has learned.
CS Monitor ☛ US cybersecurity concerns are rising, with China topping the list
Cyberattacks increasingly threaten the public and private sectors alike. The Forrest Dump administration is considering tougher action against nations that sponsor hacking.
Security Week ☛ Suspected Scattered Spider Hacker Pleads Guilty
A 20-year-old arrested last year and charged alongside others believed to be members of Scattered Spider has pleaded guilty.
Security Week ☛ Port of Seattle Says 90,000 People Impacted by Ransomware Attack
The Port of Seattle says the personal information of 90,000 individuals was stolen in an August 2024 ransomware attack.
Security Week ☛ NIST Puts Pre-2018 CVEs on Back Burner as It Works to Clear Backlog
NIST has marked pre-2018 CVEs in NVD as ‘Deferred’ and will no longer spend resources on enriching them.
Security Week ☛ CRM, Bulk Email Providers Targeted in Crypto Phishing Campaign
‘PoisonSeed’ phishing campaign targets CRM and bulk email providers to distribute “crypto seed phrase” messages.
Security Week ☛ PCI DSS 4.0.1: A Cybersecurity Blueprint by the Industry, for the Industry
As PCI DSS 4.0.1 comes into force, it shows the power of industry collaboration in cybersecurity.
PCLinuxOS
PCLOS Official ☛ PCLinuxOS Recent Updates
Mobile Systems/Mobile Applications
Scoop News Group ☛ Google addresses 2 actively exploited vulnerabilities in security update
Google addressed 62 vulnerabilities affecting Android devices in its April security update, including a pair of actively exploited software defects that were first disclosed in December. Google said the two vulnerabilities — CVE-2024-53197 and CVE-2024-53150 — “may be under limited, targeted exploitation.”
