-- Leo's gemini proxy
-- Connecting to gemini.tuxmachines.org:1965...
-- Connected
-- Sending request
-- Meta line: 20 text/gemini;lang=en-GB
Tux Machines
Posted by Roy Schestowitz on Apr 12, 2023
> NTP security, transition mechanisms, TCP delayed ACKs, alternate name systems, and more from IETF 116.
> Adobe documents 56 security defects in multiple products, some serious enough to expose Windows and macOS users to code execution attacks.
> TL;DR Google dorks found me an exploited DigitalOcean subdomain takeover on London Councils’ .gov.uk domain It used a meta refresh to redirect to a site hosting unprovenanced PDFs...
> Microsoft issued a patch for a zero-day that researchers at Kaspersky said was used to deliver Nokoyawa ransomware.
> CISA Director Jen Easterly said the agency plans to release the principles this week to encourage more safe coding practices.
> Narang said while this was the only flaw exploited in the wild, Microsoft has rated nearly 90% of the vulnerabilities as Exploitation Less Likely, while just 9.3% of flaws were rated as Exploitation More Likely.
> For the second month in a row, Microsoft patches an already-exploited vulnerability in its flagship Windows operating system.
> This month we got patches for 114 vulnerabilities. Of these, 7 are critical, and 1 is already being exploited, according to Microsoft.
> Google LLC is releasing an application programming interface that will enable developers to scan the open-source code they use for vulnerabilities and other issues. The deps.dev API, as it’s called, debuted today. It extends an open-source cybersecurity project called deps.dev that Google launched in 2021.
> New reports released today from Microsoft Corp. and Citizen Lab...
> Microsoft Azure shared key authorization can be exploited to access business data and achieve remote code execution.
> Siemens and Schneider Electric’s Patch Tuesday advisories for April 2023 address a total of 38 vulnerabilities found in their products.
> At least five civil society victims of QuaDream’s spyware and exploits were identified in North America, Central Asia, Southeast Asia, Europe, and the Middle East. Victims include journalists, political opposition figures, and an NGO worker. Traces of a suspected iOS 14 zero-click exploit used to deploy QuaDream’s spyware.
> Our expert helps a reader whose bank details were compromised
> Look out for a scam email that claims the phone number on your account has been changed
> Follow these tips to spot and avoid phishing calls and messages
> Car thieves are injecting malicious software into a car's network through wires in the headlights (or taillights) that fool the car into believing that the electronic key is nearby.
> News articles.
> KFC and Taco Bell parent company Yum Brands says personal information was compromised in a January 2023 ransomware attack.
> Three days after announcing patches for new zero-days affecting iOS and macOS, Apple released fixes for devices running older operating system versions.
-- Response ended
-- Page fetched on Thu Jun 13 11:00:33 2024