-- Leo's gemini proxy
-- Connecting to gemini.tuxmachines.org:1965...
-- Connected
-- Sending request
-- Meta line: 20 text/gemini;lang=en-GB
Tux Machines
Posted by Roy Schestowitz on Jul 14, 2023
> Multiple hardcoded accounts on the Technicolor TG670 DSL gateway router can be used to completely take over the impacted devices.
> Microsoft says a Chinese cyberespionage group tracked as Storm-0558 has used forged authentication tokens to access government emails.
> Dan Guido, CEO In March, I joined the Commodity Futures Trading Commission’s Technology Advisory Committee (TAC), helping the regulatory agency navigate the complexities of cybersecurity risks, particularly in emerging technologies like AI and blockchain. During the committee’s first meeting,
> Citrix has patched a critical-severity vulnerability in Secure Access client for Ubuntu that could lead to remote code execution (RCE).
> Fortinet patches a critical-severity vulnerability in FortiOS and FortiProxy that could lead to remote code execution.
> SAP on July 2023 Security Patch Day released 16 new security notes, including one addressing a critical vulnerability in ECC and S/4HANA (IS-OIL).
> The need for cyber resilience arises from the growing realization that traditional security measures are no longer enough to protect systems, data, and the network from compromise.
> National security adviser downplays a hack on Microsoft-hosted government email servers.
> Microsoft has revoked signed drivers used for post-exploitation activity, in many cases by Chinese cybercriminals.
> U.S. officials say state-backed Chinese hackers foiled Microsoft’s cloud-based security and hacked the email of officials at multiple U.S. agencies that deal with China ahead of Secretary of State Antony Blinken’s trip to Beijing last month. The surgical, targeted espionage accessed the mailboxes of a small number of individuals at an unspecified number of U.S. agencies and was discovered by the State Department. Officials said none of the breached systems were classified. The hack was disclosed late Tuesday by Microsoft, which said email accounts were haced at about 25 organizations globally beginning in mid-May. A U.S. official said the number of U.S. organizations impacted was in the single digits.
> Our summits are a unique gathering that brings together attendees from diverse projects, united by a shared vision of advancing the Reproducible Builds effort. During this enriching event, participants will have the opportunity to engage in discussions, establish connections and exchange ideas to drive progress in this vital field. Our aim is to create an inclusive space that fosters collaboration, innovation and problem-solving. We are thrilled to host the seventh edition of this exciting event, following the success of previous summits in various iconic locations around the world, including Venice, Marrakesh, Paris, Berlin and Athens.
> Crowdsourced cybersecurity startup Bugcrowd Inc. has today released a new report that found hackers are more skeptical than Silicon Valley investors when it comes to artificial intelligence.
> The email account of US Commerce Secretary Gina Raimondo was among a slew of accounts breached at both the State and Commerce Departments by attackers, claimed to be from China, who gained access through a vulnerability in Microsoft's Azure cloud platform.
> A statement from Dragos said Rockwell had analysed a novel exploit capability affecting select modules in ControlLogix EtherNet/IP communication module models, 1756-EN2, 1756-EN3 (CVE-2023-3595), and 1756-EN4 (CVE-2023-3596). The exploit was attributed to a state actor.
> Rockwell, one of the bigger providers of providers of industrial automation and digital transformation technologies, reported the two vulnerabilities to the US Cybersecurity and Infrastructure Security Agency.
> Dragos said it had worked in advance of the disclosure "to co-ordinate and help assess the extent of the threat".
> Today is Microsoft’s July 2023 Patch Tuesday, with security updates for 132 flaws, including six actively exploited and thirty-seven remote code execution vulnerabilities.
-- Response ended
-- Page fetched on Thu Jun 13 22:55:26 2024