news
Security Leftovers
-
LWN ☛ Security updates for Thursday
Security updates have been issued by Debian (sslh), Oracle (container-tools:rhel8, gnome-remote-desktop, golang, javapackages-tools:201801, jq, libvpx, libxml2, mpfr, and perl-File-Find-Rule-Perl), Red Hat (glib2, libblockdev, and sudo), Slackware (git), SUSE (avif-tools, containerd, djvulibre, gpg2, helm, kernel, libpoppler-cpp2, libxml2, libxml2-2, openssl-3, perl-YAML-LibYAML, python-cryptography, python-setuptools, python311-pycares, tomcat10, and wireshark), and Ubuntu (djvulibre, git, libyaml-libyaml-perl, and protobuf).
-
Security Week ☛ eSIM Hack Allows for Cloning, Spying
Embedded SIMs, or eSIMs, have become increasingly common. They eliminate the need for physical SIM cards in mobile phones and other IoT devices that require cellular communications. One important component of the eSIM ecosystem is the embedded Universal Integrated Circuit Card (eUICC), which enables remote SIM provisioning and the use of multiple profiles for connecting to different mobile networks.
-
Daniel Stenberg ☛ more views on curl vulnerabilities
This is an intersection of two of my obsessions: graphs and vulnerability data for the curl project.
In order to track and follow every imaginable angle of development, progression and (possible) improvements in the curl project we track and log lots of metadata.
In order to educate and inform users about past vulnerabilities, but also as a means for the project team to find patterns and learn from past mistakes, we extract and document every detail.
-
Windows TCO / Windows Bot Nets
-
[Repeat] Krebs On Security ☛ UK Arrests Four in ‘Scattered Spider’ Ransom Group
Authorities in the United Kingdom this week arrested four alleged members of "Scattered Spider," a prolific data theft and extortion group whose recent victims include multiple airlines and the U.K. retail chain Marks & Spencer.
-