Tux Machines

Security Leftovers

Posted by Roy Schestowitz on Sep 14, 2022

Linux kernel's eBPF feature put to unexpected new uses

EndeavourOS Artemis Nova is here (UPDATED)

↺ Microsoft's September 2022 Patch Tuesday

Microsoft September 2022 Patch Tuesday fixes zero-day used in attacks, 63 flaws [Ed: How Microsoft media operatives like Lawrence Abrams react to tons of zero-day flaws from the NSA partner]

↺ Microsoft September 2022 Patch Tuesday fixes zero-day used in attacks, 63 flaws

↺ the NSA partner

> Today is Microsoft's September 2022 Patch Tuesday, and with it comes fixes for an actively exploited Windows vulnerability and a total of 63 flaws.

> Five of the 63 vulnerabilities fixed in today's update are classified as 'Critical' as they allow remote code execution, one of the most severe types of vulnerabilities.

Iranian Islamic Revolutionary Guard Corps Affiliated Cyber Actors Exploiting Vulnerabilities for Data Extortion and Disk Encryption for Ransom Operations [Ed: Windows has back doors for that [1, 2]

↺ Iranian Islamic Revolutionary Guard Corps Affiliated Cyber Actors Exploiting Vulnerabilities for Data Extortion and Disk Encryption for Ransom Operations

↺ 1

↺ 2

> See Iranian Islamic Revolutionary Guard Corps Affiliated Cyber Actors Exploiting Vulnerabilities for Data Extortion and Disk Encryption for Ransom Operations and joint CSA Iranian Government-Sponsored APT Cyber Actors Exploiting Microsoft Exchange and Fortinet Vulnerabilities in Furtherance of Malicious Activities for information on these Iranian government-sponsored APT actors’ tactics and techniques, indicators of compromise, and recommended mitigations.

CISA Adds Two Known Exploited Vulnerabilities to Catalog | CISA [Ed: This is only about Apple and Microsoft; this headline is not informative at all, it's more like cover-up]

↺ CISA Adds Two Known Exploited Vulnerabilities to Catalog | CISA

> CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added vulnerabilities in the catalog, click on the arrow in the “Date Added to Catalog” column, which will sort by descending dates.

Why You Need a VPN - Which one to Choose | LinuxSecurity.com

↺ Why You Need a VPN - Which one to Choose | LinuxSecurity.com

> Ultimately, a VPN is an essential and valuable tool in 2022. VPNs are a crucial component of a comprehensive cybersecurity suite in a world riddled with inherently hazardous WiFi networks and data mining corporations vulnerable to breaches. It’s important that you consider the pros and cons of using a VPN on Linux, and understand what it can and cannot do for you before using one. It entirely safeguards your private and personal information and keeps it from falling into the hands of third parties who may use it against you. VPN providers such as SurfShark allow us to roam the internet at ease without us having to worry about our traffic being viewed. So, if at the end of all of this you're wondering, "Should I purchase a VPN?", the answer is clear. For more information on VPNs and how to install SurfShark on Linux, take a look at our Installing SurfShark VPN On Kali Linux: The Authoritative Guide article. We hope you found this article helpful and hope you stick along for future news!

What Are Checksums - Why Should You Be Using Them? | LinuxSecurity.com

↺ What Are Checksums - Why Should You Be Using Them? | LinuxSecurity.com

> For this example, I will be verifying a Rocky Linux 9 download using the checksum that they have provided on their website.

gemini.tuxmachines.org