-- Leo's gemini proxy
-- Connecting to gemini.tuxmachines.org:1965...
-- Connected
-- Sending request
-- Meta line: 20 text/gemini;lang=en-GB
Tux Machines
Posted by Roy Schestowitz on Dec 16, 2022
> Security updates have been issued by Debian (firefox-esr, libde265, php7.3, and thunderbird), Fedora (firefox, freeradius, freerdp, and xorg-x11-server), Oracle (firefox, prometheus-jmx-exporter, and thunderbird), Red Hat (firefox, nodejs:16, prometheus-jmx-exporter, and thunderbird), and SUSE (ceph and chromium).
> Apple has confirmed that an iPhone software update it released two weeks ago fixed a zero-day security vulnerability that it now says was actively exploited.
> The update, iOS 16.1.2, landed on November 30 and rolled out to all supported iPhones — including iPhone 8 and later — with unspecified “important security updates.”
> In a disclosure to its security updates page on Tuesday, Apple said the update fixed a flaw in WebKit, the browser engine that powers Safari and other apps, which if exploited could allow malicious code to run on the person’s device. The bug is called a zero-day because the vendor is given zero day’s notice to fix the vulnerability.
> Apple said security researchers at Google’s Threat Analysis Group, which investigates nation state-backed spyware, hacking and cyberattacks, discovered and reported the WebKit bug.
> The SHA-1 algorithm, one of the first widely used methods of protecting electronic information, has reached the end of its useful life, according to security experts at the National Institute of Standards and Technology (NIST). The agency is now recommending that IT professionals replace SHA-1, in the limited situations where it is still used, with newer algorithms that are more secure.
> SHA-1, whose initials stand for “secure hash algorithm,” has been in use since 1995 as part of the Federal Information Processing Standard (FIPS) 180-1. It is a slightly modified version of SHA, the first hash function the federal government standardized for widespread use in 1993. As today’s increasingly powerful computers are able to attack the algorithm, NIST is announcing that SHA-1 should be phased out by Dec. 31, 2030, in favor of the more secure SHA-2 and SHA-3 groups of algorithms. “We recommend that anyone relying on SHA-1 for security migrate to SHA-2 or SHA-3 as soon as possible,” said NIST computer scientist Chris Celi.
> The Samba Team has released security updates to address vulnerabilities in multiple versions of Samba. An attacker could exploit some of these vulnerabilities to take control of an affected system.
> The Federal Bureau of Investigation (FBI), the Food and Drug Administration Office of Criminal Investigations (FDA OCI), and the U.S. Department of Agriculture (USDA) have released a joint Cybersecurity Advisory (CSA) detailing recently observed incidents of criminal actors using business email compromise (BEC) to steal shipments of food products and ingredients valued at hundreds of thousands of dollars. The joint CSA analyzes the common tactics, techniques, and procedures (TTPs) utilized by criminal actors to spoof emails and domains to impersonate legitimate employees and order goods that went unpaid and were possibly resold at devalued prices with labeling that lacked industry standard “need-to-knows” (i.e., necessary information about ingredients, allergens, or expiration dates).
-- Response ended
-- Page fetched on Thu Jun 13 17:41:22 2024