SANS ☛ A JPEG With A Payload, (Mon, Jun 16th)
Scoop News Group ☛ SEC withdraws cyber rules for investment companies, advisers
The move last week came amid the pullback of other SEC regulations.
LWN ☛ Security updates for Monday
Security updates have been issued by AlmaLinux (.NET 8.0 and .NET 9.0), Arch Linux (curl, ghostscript, go, konsole, python-django, roundcubemail, and samba), Fedora (aerc, chromium, golang-x-perf, libkrun, python3.11, python3.12, rust-kbs-types, rust-sev, rust-sevctl, valkey, and wireshark), Gentoo (Konsole and sysstat), Oracle (.NET 9.0), Red Hat (bootc, grub2, keylime-agent-rust, python3.12-cryptography, rpm-ostree, rust-bootupd, xorg-x11-server, and xorg-x11-server-Xwayland), SUSE (apache2-mod_auth_openidc, docker, grub2, java-1_8_0-openj9, kernel, less, python-Django, screen, and sqlite3), and Ubuntu (cifs-utils and modsecurity-apache).
Security Week ☛ Archetyp Dark Web Market Shut Down by Law Enforcement
The Archetyp Market drug marketplace has been targeted by law enforcement in an operation involving takedowns and arrests.
Security Week ☛ Asheville Eye Associates Says 147,000 Impacted by Data Breach
Asheville Eye Associates says the personal information of 147,000 individuals was stolen in a November 2024 data breach.
Security Week ☛ Zoomcar Says Hackers Accessed Data of 8.4 Million Users
The Indian car sharing marketplace Zoomcar learned that its systems were hacked after a threat actor contacted employees.
Security Week ☛ 240,000 Impacted by Data Breach at Eyecare Tech Firm Ocuco
The KillSec ransomware group has stolen hundreds of gigabytes of data from Ireland-based eyecare technology company Ocuco.
Security Week ☛ Anubis Ransomware Packs a Wiper to Permanently Delete Files
The emerging Anubis ransomware becomes a major threat, permanently deleting user files and making recovery impossible.
Security Week ☛ High-Severity Vulnerabilities Patched in Tenable Nessus Agent
Three high-severity Tenable Agent vulnerabilities could allow users to overwrite and delete files, or execute arbitrary code, with System privileges.
Security Week ☛ Canadian Airline WestJet Hit by Cyberattack
A cybersecurity incident at WestJet resulted in users experiencing interruptions when accessing the company’s application and website.
OpenSSF (Linux Foundation) ☛ Tech Talk Recap | CRA-Ready: How Open Source Projects Can Prepare for the EU Cyber Resilience Act
The EU Cyber Resilience Act (CRA) is reshaping the landscape for open source software. Whether you're a maintainer, contributor, or vendor, the CRA introduces new expectations—and new responsibilities.
To help the community navigate these changes, the Open Source Security Foundation (OpenSSF) recently hosted a Tech Talk: CRA-Ready: How to Prepare Your Open Source Project for EU Cybersecurity Regulations.
If you missed it (or want to revisit the insights), the recording and slides are now available.