-- Leo's gemini proxy
-- Connecting to gemini.tuxmachines.org:1965...
-- Connected
-- Sending request
-- Meta line: 20 text/gemini;lang=en-GB
FUD and Security
Posted by Roy Schestowitz on Jun 18, 2023
ChamelDoH: New Linux Backdoor Utilizing DNS-over-HTTPS Tunneling for Covert CnC [Ed: It's not "Linux Backdoor"; it's intentional misreporting by a Microsoft-friendly FUD site]
> The malware, dubbed ChamelDoH by Stairwell, is a C++-based tool for communicating via DNS-over-HTTPS (DoH) tunneling.
In Other News: Linux Kernel Exploits, Update on BEC Losses, Cybersecurity Awareness Act [Ed: "Bug bounties for Linux kernel exploits" became just "Linux Kernel Exploits" in the headline]
> Cybersecurity news that you may have missed this week: Bug bounties for Linux kernel exploits, Cybersecurity Awareness Act, FBI data on BEC losses.
Ubuntu 22.10 Kinetic Kudu dies on July 20, upgrade now [Ed: Now "dies", just not officially patched]
> Canonical has said Ubuntu 22.10 Kinetic Kudu will reach end of life on July 20.
US Energy Dept gets two ransom notices as MOVEit hack claims more victims
> The U.S. Department of Energy got ransom requests from the Russia-linked extortion group Cl0p at both its nuclear waste facility and scientific education facility that were recently hit in a global hacking campaign, a spokesperson said on Friday.
> The DOE contractor Oak Ridge Associated Universities and the Waste Isolation Pilot Plant, the New Mexico-based facility for disposal of defense-related radioactive nuclear waste, were hit in the attack, which was first reported on Thursday.
Data breach at Public Appointments Service involving 15,000 people
> The personal information of 15,471 candidates for public roles has been released in error by the Public Appointments Service (PAS).
> A message was sent to the affected candidates through the publicjobs.ie portal notifying the candidates affected their names and jobs alert notifications they had subscribed to may have been provided to other candidates.
Healthcare and Public Health Sector Cybersecurity Notification: #TimisoaraHackerTeam Analysis
BlackCat claims they hacked Reddit and will leak the data
> In our last email to them, we stated that we wanted $4.5 million in exchange for the deletion of the data and our silence. As we also stated, if we had to make this public, then we now demand that they also withdraw their API pricing changes along with our money or we will leak it.
> We expect to leak the data.
2023-06-12 [Older] Fortinet Releases Security Updates for FortiOS and FortiProxy
2023-06-13 [Older] Adobe Releases Security Updates for Multiple Products
2023-06-13 [Older] Cisco Releases Security Advisories for Multiple Products
2023-06-13 [Older] Microsoft Releases June 2023 Security Updates
2023-06-15 [Older] Barracuda Networks Releases Update to Address ESG Vulnerability
2023-06-15 [Older] CISA, FBI, and MS-ISAC Update Joint CSA on Progress Telerik Vulnerabilities
2023-06-15 [Older] CISA Releases Fourteen Industrial Control Systems Advisories
2023-06-15 [Older] SUBNET PowerSYSTEM Center
2023-06-15 [Older] Advantech WebAccess/SCADA
2023-06-15 [Older] Siemens SIMOTION
2023-06-15 [Older] Siemens SIMATIC WinCC
2023-06-15 [Older] Siemens SIMATIC WinCC V7
2023-06-15 [Older] Siemens SIMATIC STEP 7 and Derived Products
2023-06-15 [Older] Siemens Solid Edge
2023-06-15 [Older] Siemens SIMATIC S7-1500 TM MFP BIOS
2023-06-15 [Older] Siemens SINAMICS Medium Voltage Products
2023-06-15 [Older] Siemens SICAM A8000 Devices
2023-06-14 [Older] CISA and NSA Release Joint Guidance on Hardening Baseboard Management Controllers (BMCs)
2023-06-13 [Older] CISA Adds One Known Exploited Vulnerability to Catalog
2023-06-13 [Older] CISA Issues BOD 23-02: Mitigating the Risk from Internet-Exposed Management Interfaces
2023-06-13 [Older] CISA Releases Four Industrial Control Systems Advisories
2023-06-13 [Older] Fortinet Releases June 2023 Vulnerability Advisories
2023-06-13 [Older] Datalogics Library Third-Party
2023-06-13 [Older] Rockwell Automation FactoryTalk Services Platform
2023-06-13 [Older] Rockwell Automation FactoryTalk Edge Gateway
2023-06-13 [Older] Rockwell Automation FactoryTalk Transaction Manager
2023-06-15 [Older] Progress Software Releases Security Advisory for MOVEit Transfer Vulnerability
-- Response ended
-- Page fetched on Sat Jun 15 02:10:23 2024