Tux Machines

Security: diffoscope, "smart" things, patches, and LastPass security breach

Posted by Roy Schestowitz on Dec 02, 2022

The 7 Best Independent Linux Distros You Can’t Miss Out On

Pop OS 22.04 LTS - New Features and Release Updates

Reproducible Builds: diffoscope 228 released

↺ Reproducible Builds: diffoscope 228 released

> The diffoscope maintainers are pleased to announce the release of diffoscope version 228. This version includes the following changes:

Consumer advice for buying smart IoT devices this Christmas | Pen Test Partners

↺ Consumer advice for buying smart IoT devices this Christmas | Pen Test Partners

> Rightly or wrongly there’s plenty of fear, uncertainty, and downright doom associated with the IoT and devices.

> So, is it safe to buy these things as gifts or even as a treat for yourself this year? In our opinion it probably is, as long as you follow some basic advice.

Security updates for Friday [LWN.net]

↺ Security updates for Friday [LWN.net]

> Security updates have been issued by Debian (snapd), Fedora (firefox, libetpan, ntfs-3g, samba, thunderbird, and xen), SUSE (busybox, emacs, and virt-v2v), and Ubuntu (linux, linux-aws, linux-aws-5.15, linux-gcp, linux-gkeop, linux-hwe-5.15, linux-ibm, linux-intel-iotg, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-oracle, linux-oracle-5.15, linux-raspi, linux, linux-aws, linux-aws-5.4, linux-gcp, linux-gcp-5.4, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4, linux, linux-aws, linux-dell300x, linux-gcp-4.15, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon, linux, linux-aws, linux-gcp, linux-ibm, linux-kvm, linux-lowlatency, linux-oracle, linux-raspi, linux, linux-aws, linux-kvm, linux-lts-xenial, linux-aws-hwe, linux-gcp, linux-hwe, linux-oracle, and tiff).

Intruders gain access to user data in LastPass incident • The Register

↺ Intruders gain access to user data in LastPass incident • The Register

> Intruders broke into a third-party cloud storage service LastPass shares with affiliate company GoTo and gained access to "certain elements" of customers' information, the pair have confirmed.

> LastPass did not define what it meant by "certain elements," saying it was unsure what data was looked at: "We are working diligently to understand the scope of the incident and identify what specific information has been accessed this morning."

> Last night's statement also confirmed the attackers obtained the information to carry out the current intrusion using information stolen in an August attack, which we covered here.

LastPass Security Breach - Schneier on Security

↺ LastPass Security Breach - Schneier on Security

> The company was hacked, and customer information accessed. No passwords were compromised.

gemini.tuxmachines.org