Tux Machines

Security Leftovers

Posted by Roy Schestowitz on Sep 17, 2022

James Valleroy on FreedomBox in Debian GNU/Linux

today's howtos

↺ Patch

Six new vulnerabilities added to CISA catalogue

↺ Six new vulnerabilities added to CISA catalogue

> CISA adds six new vulnerabilities to its most-wanted list, including one that dates back to 2010

[Crackers] breach FishPig servers to add backdoors

↺ [Crackers] breach FishPig servers to add backdoors

> All paid extensions have been compromised, but the free version appears to be safe

CISA orders agencies to patch vulnerability used in Stuxnet attacks [Ed: Microsoft Windows TCO]

↺ CISA orders agencies to patch vulnerability used in Stuxnet attacks

↺ Microsoft Windows TCO

> The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added half a dozen vulnerabilities to its catalog of Known Exploited Vulnerabilities and is ordering federal agencies to follow vendor’s instructions to fix them.

> Of the six security flaws, only one was disclosed this year. It impacts Trend Micro’s Apex One platform for automated threat detection and response.

Hackers Targeting WebLogic Servers and Docker APIs for Mining Cryptocurrencies [Ed: WebLogic is proprietary junk and therein lies the problem]

↺ Hackers Targeting WebLogic Servers and Docker APIs for Mining Cryptocurrencies

> Malicious actors such as Kinsing are taking advantage of both recently disclosed and older security flaws in Oracle WebLogic Server to deliver cryptocurrency-mining malware.

gemini.tuxmachines.org