Tux Machines

Security Leftovers

Posted by Roy Schestowitz on Oct 20, 2022

Videos and More: EndeavourOS 22.9, Linux Action News, and New Ubuntu

today's howtos

Security updates for Thursday [LWN.net]

↺ Security updates for Thursday [LWN.net]

> Security updates have been issued by Debian (firefox-esr), Red Hat (java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, OpenShift Container Platform 4.9.50 bug fix and, and rh-nodejs14-nodejs), SUSE (buildah, clone-master-clean-up, go1.18, go1.19, helm, jasper, libostree, nodejs16, php8, qemu, and xen), and Ubuntu (libxdmcp, linux, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gke-5.15, linux-gkeop, linux-hwe-5.15, linux-ibm, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-oem-5.14, linux-oracle, linux-raspi, linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-gke, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4, linux-oem-5.17, and perl).

Scammers Target | US Student Loan Debt Relief Applicants - Invidious

↺ Scammers Target | US Student Loan Debt Relief Applicants - Invidious

> In this video, I cover an FBI warning issued about how scammers may be targeting individuals seeking to enroll in the Federal Student Aid program to steal their personal information, payment details, and money.

OldGremlin hackers use Linux ransomware to attack Russian orgs [Ed: Ransomware is predominantly a Windows issues, so Microsoft boosters try to associate it with "Linux" without even explaining how the malware gets to systems in the first place]

↺ OldGremlin hackers use Linux ransomware to attack Russian orgs

CISA Adds Two Known Exploited Vulnerabilities to Catalog [Ed: Talking about Zimbra to distract from Microsoft Exchange being cracked at alarming rates?]

↺ CISA Adds Two Known Exploited Vulnerabilities to Catalog

> CISA has added two vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added vulnerabilities in the catalog, click on the arrow in the "Date Added to Catalog" column, which will sort by descending dates.

CISA Requests for Comment on Microsoft 365 Security Configuration Baselines [Ed: On grounds of security, Microsoft should just be banned; it's actively undermining real security]

↺ CISA Requests for Comment on Microsoft 365 Security Configuration Baselines

> CISA has issued requests for comment (RFCs) on eight Microsoft 365 security configuration baselines as part of the Secure Cloud Business Application (SCuBA) project to secure federal civilian executive branch agencies’ (FCEB) cloud environments.

gemini.tuxmachines.org