Security Leftovers
-
LWN ☛ Security updates for Monday
Security updates have been issued by Debian (chromium, dropbear, mediawiki, php8.4, python-mechanize, rails, roundcube, usbmuxd, and wordpress), Fedora (cef, chromium, fonttools, gobuster, gosec, mingw-libpng, moby-engine, mqttcli, nextcloud, pgadmin4, python-unicodedata2, uriparser, and util-linux), Mageia (php and webkit2), Oracle (binutils, curl, gcc-toolset-13-binutils, gimp, git-lfs, kernel, openssh, php:8.3, podman, python-kdcproxy, python3.12, python3.9, skopeo, and webkit2gtk3), Red Hat (rsync), Slackware (php), SUSE (alloy, busybox, chromedriver, chromium, coredns-for-k8s, duc, firefox, kernel-devel, libpng16, libruby3_4-3_4, mariadb, netty, php8, python311-tornado6, rsync, taglib, and xen), and Ubuntu (linux-oracle-5.4, linux-raspi, linux-realtime-6.14, and linux-xilinx).
-
Pen Test Partners ☛ Eurostar Hey Hi (AI) vulnerability: when a chatbot goes off the rails
I first encountered the chatbot as a normal Eurostar customer while planning a trip. When it opened, it clearly told me that “the answers in this chatbot are generated by AI”, which is good disclosure but immediately raised my curiosity about how it worked and what its limits were.
-
Tom's Hardware ☛ 1,000 computers taken offline in Romanian water management authority hack — ransomware takes Bitlocker-encrypted systems down
No group has claimed the attack yet, and thankfully, water is still flowing in Romania.
-
France24 ☛ Cyberattack disrupts France's postal service during Christmas rush
A cyberattack has disrupted France’s postal service, La Poste, halting deliveries during the peak Christmas season. Customers of the company’s banking arm, La Banque Postale, were blocked from using the application to approve payments or conduct other banking services.
-
Security Week ☛ WatchGuard Patches Firebox Zero-Day Exploited in the Wild
The critical-severity bug in the Fireware OS’s iked process leads to unauthenticated remote code execution.
-
Security Week ☛ UK Government Acknowledges It Is Investigating Cyber Incident After Media Reports
The British government is investigating a “cyber incident” following news reports that hackers linked to China have gained access to thousands of confidential documents.