-- Leo's gemini proxy
-- Connecting to gemini.tuxmachines.org:1965...
-- Connected
-- Sending request
-- Meta line: 20 text/gemini;lang=en-GB
Tux Machines
Posted by Roy Schestowitz on Jul 15, 2023
> Security updates have been issued by Debian (lemonldap-ng and php-dompdf), Red Hat (.NET 6.0, .NET 7.0, firefox, and thunderbird), Scientific Linux (firefox and thunderbird), SUSE (ghostscript, installation-images, kernel, php7, python, and python-Django), and Ubuntu (linux-azure, linux-gcp, linux-ibm, linux-oracle, mozjs102, postgresql-9.5, and tiff).
> A sex abuse survivor is one of “around 400” victims of a “chilling” data breach, it tonight has emerged.
> The London Mayor’s Office blunder, currently under investigation, involves complaints about policing in the capital being made wrongly accessible via an official website. The survivor of sexual abuse has described her distress tonight.
> The probe centres on the London Mayor’s Office online forms which were hosted by the Greater London Authority’s website.
> Hillsborough County has notified more than 70,000 people that a global data breach may have put their personal information at risk.
> The breach involved the MOVEit file transfer tool, a third-party service that complies with federal Health Insurance Portability and Accountability Act (HIPAA) regulations.
> The breach also may have affected 106 people employed by a dozen vendors used by the county’s Aging Services Department.
> Citrix addressed a critical vulnerability, tracked as CVE-2023-24492 (CVSS score of 9.6), affecting the Secure Access client for Ubuntu that could be exploited to achieve remote code execution.
> An attacker can trigger the vulnerability by tricking the victim into opening a specially crafted link and accepting further prompts.
> The siloed security of traditional SAP environments is reaching its limits in an era of increasing interconnectivity between SAP and non-SAP systems. Will this lead to compromises in process landscape security?
> The answer is no. Established security layers from the open source and Linux world are also certified for SAP landscapes. Supported by an automated solution, they can even simplify and increase IT security. There are many tried and tested features available for Linux that also improve IT security in a sustainable manner, which can now be increasingly curated and certified for use in SAP landscapes.
> Cybersecurity researchers and threat actors are targeted by a fake proof of concept (PoC) CVE-2023-35829 exploit that installs a Linux password-stealing malware.
> Uptycs analysts discovered the malicious PoC during their routine scans when detection systems flagged irregularities such as unexpected network connections, unauthorized system access attempts, and atypical data transfers.
> In a sign that cybersecurity researchers continue to be under the radar of malicious actors, a proof-of-concept (PoC) has been discovered on GitHub, concealing a backdoor with a "crafty" persistence method.
They're not Linux routers, the issue is further up the stack, sometimes bad passwords. Anything to distract from what Microsoft just did to the US government? https://www.bleepingcomputer.com/news/security/avrecon-malware-infects-70-000-linux-routers-to-build-botnet/
> "We suspect the threat actor focused on the type of SOHO devices users would be less likely to patch against common vulnerabilities and exposures (CVEs)," Black Lotus Labs said.
-- Response ended
-- Page fetched on Thu Jun 13 15:30:50 2024