Security Leftovers and Windows TCO
-
LWN ☛ Defeating KASLR by Doing Nothing at All (Project Zero)
The Project Zero blog explains that, on 64-bit Arm systems, the kernel's direct map is always placed at the same virtual location, regardless of whether kernel address-space layout randomization (KASLR) is enabled.
-
Google ☛ Defeating KASLR by Doing Nothing at All
-
Security Week ☛ Google Pays $100,000 in Rewards for Two Chrome Vulnerabilities
The two bugs are high-severity type confusion and inappropriate implementation issues in the browser’s V8 JavaScript engine.
-
SANS ☛ XWiki SolrSearch Exploit Attempts (CVE-2025-24893) with link to Chicago Gangs/Rappers, (Mon, Nov 3rd)
XWiki describes itself as "The Advanced Open-Source Enterprise Wiki" and considers itself an alternative to Confluence and MediaWiki. In February, XWiki released an advisory (and patch) for an arbitrary remote code execution vulnerability. Affected was the SolrSearch component, which any user, even with minimal "Guest" privileges, can use. The advisory included PoC code, so it is a bit odd that it took so long for the vulnerability to be widely exploited.
-
LWN ☛ Security updates for Monday
Security updates have been issued by AlmaLinux (.NET 8.0, .NET 9.0, and webkit2gtk3), Debian (ruby-rack, strongswan, ublock-origin, and wordpress), Fedora (firefox, kea, openapi-python-client, openbao, python-uv-build, qt5-qtbase, ruby, ruff, rust-astral-tokio-tar, rust-attribute-derive, rust-attribute-derive-macro, rust-backon, rust-collection_literals, rust-get-size-derive2, rust-get-size2, rust-interpolator, rust-manyhow, rust-manyhow-macros, rust-proc-macro-utils, rust-quote-use, rust-quote-use-macros, rust-reqsign, rust-reqsign-aws-v4, rust-reqsign-command-execute-tokio, rust-reqsign-core, rust-reqsign-file-read-tokio, rust-reqsign-http-send-reqwest, rust-tikv-jemalloc-sys, rust-tikv-jemallocator, samba, skopeo, sssd, Thunar, unbound, uv, vgrep, and xorg-x11-server-Xwayland), Mageia (bind, libtiff, sope, and transfig), Oracle (compat-libtiff3, kernel, libtiff, redis, redis:6, and redis:7), Red Hat (kernel, kernel-rt, libssh, xorg-x11-server, and xorg-x11-server-Xwayland), Slackware (seamonkey), SUSE (bind, chromedriver, chromium, colord, coreboot-utils, git-bug, ImageMagick, java-11-openj9, java-17-openj9, java-21-openj9, java-25-openj9, kea, libmozjs-115-0, libmozjs-140-0, libssh, libtiff-devel-32bit, nodejs18, ongres-scram, poppler, python311-starlette, rav1e, squid, strongswan, webkit2gtk3, xorg-x11-server, and xwayland), and Ubuntu (linux-gcp-6.14 and linux-hwe-6.8).
-
Windows TCO / Windows Bot Nets
-
Security Week ☛ Chinese APT Uses ‘Airstalk’ Malware in Supply Chain Attacks
PowerShell and .NET variants of the malware abuse AirWatch’s MDM API to establish a C&C communication channel.
-
PCLinuxOS Magazine ☛ Asahi Group Holdings has reported a cyberattack on its domestic operations in Japan
Asahi Group Holdings has reported a cyberattack on its domestic operations in Japan, according to an article from Just Drinks. The Peroni beer and Nikka whisky owner said the incident happened earlier on September 29. In a short statement sent to Just Drinks just after midday, Asahi said its Japanese operations had seen a “system failure.” “On September 29, around 7:00 a.m. Japan time, Asahi Group experienced a system failure due to the impact of a cyberattack on operations in Japan. At this time, there is no estimated timeline for recovery. There has been no confirmed leakage of personal information or other data to external parties. The system failure is currently limited to our operations within Japan.” Reuters reported the company had stopped orders and shipments as a result of the incident.
-