Tux Machines

Security Leftovers

Posted by Roy Schestowitz on Apr 15, 2023,

updated Apr 15, 2023

Programming Leftovers

Databases and Storage With Free Software

Australian and New Zealand organisations ‘paid up’ in Ransomware Attacks: Report [iophk: Windows TCO]

↺ Australian and New Zealand organisations ‘paid up’ in Ransomware Attacks: Report

> Organisations experienced a significant increase in ransomware – from an average of four attacks over five years in 2021 versus four attacks over the course of one year in 2022 - and of those who fell victim, 82% admitted to paying the ransom at least once, according to a new research report.

Google Warns of New Chrome Zero-Day Attack

↺ Google Warns of New Chrome Zero-Day Attack

> The high-severity vulnerability, tracked as CVE-2023-2033, is described as a type confusion in the Chrome V8 JavaScript engine.

> “Google is aware that an exploit for CVE-2023-2033 exists in the wild,” the company said in a barebones advisory that credits Clément Lecigne of Google’s Threat Analysis Group for reporting the issue.

Why is ‘Juice Jacking’ Suddenly Back in the News?

↺ Why is ‘Juice Jacking’ Suddenly Back in the News?

Be Skeptical of FBI Warnings About Phone Chargers

↺ Be Skeptical of FBI Warnings About Phone Chargers

> Your phone is designed to communicate safely with lots of things – chargers , web sites, Bluetooth devices such as earbuds or speakers, Wi-Fi, and even other phones, for instance when sending and receiving text messages. If doing any of these normal phone things can give your phone malware, that is a security vulnerability (which is a type of bug).

> Security vulnerabilities happen with some frequency. That is why your phone prompts you to update your software so often – the makers of its software find out about bugs and fix them.

> So, when you hear a report that public chargers are giving people malware, you should ask “what is the vulnerability being used, and when will it be fixed?” as well as “how widespread is the problem? How many people are affected?” Unfortunately, the periodic reports of “juice jacking” never have such details, usually because they are recycled from earlier reports which themselves lack details.

CAN Injection: keyless car theft

↺ CAN Injection: keyless car theft

> This is a detective story about how a car was stolen - and how it uncovered an epidemic of high-tech car theft. It begins with a tweet. In April 2022, my friend Ian Tabor tweeted that vandals had been at his car, pulling apart the headlight and unplugging the cables.

Kernels Updated

↺ Kernels Updated

> Kernels 6.2.11, 6.1.24 LTS and 5.15.107 LTS have been updated for PCLinuxOS and are now available in the Synaptic Software Repository.

gemini.tuxmachines.org