Tux Machines

Security Leftovers

Posted by Roy Schestowitz on Jul 18, 2023

Multimedia/Shows: MakuluLinux, Destination Linux, and Late Night Linux

NVIDIA 535.86.05 Linux Graphics Driver Improves Wayland Support, Fixes Bugs

Embracing Consolidation and Squashing Silos

↺ Embracing Consolidation and Squashing Silos

> While silos pose significant dangers to an enterprise's cybersecurity posture, consolidation serves as a powerful solution to overcome these risks, offering improved visibility, efficiency, incident response capabilities, and risk management.

Owner of Cybercrime Website BreachForums Pleads Guilty

↺ Owner of Cybercrime Website BreachForums Pleads Guilty

> Conor Brian Fitzpatrick, the owner of the infamous cybercrime website BreachForums, has pleaded guilty in a US court.

SOHO Router-Targeting Botnet AVrecon Infiltrates More Than 70,000 Devices in 20 Countries: How Dangerous Is This Malware Strain? [Ed: They try to twist this as a "linux" issue rather than SOHO issue]

↺ SOHO Router-Targeting Botnet AVrecon Infiltrates More Than 70,000 Devices in 20 Countries: How Dangerous Is This Malware Strain?

> A stealthy Linux malware called AVrecon has been infecting over 70,000 small office/home office (SOHO) routers, creating a botnet primarily aimed at stealing bandwidth and operating as a hidden residential proxy service.

What You Need to Know about Open-Source Software Supply Chain Security

↺ What You Need to Know about Open-Source Software Supply Chain Security

> Whenever you buy something, you receive the product of a massive collaboration, not just one company. That shirt started as raw materials at cotton farms that passed through logistics providers to get to manufacturers, who sent it through more trucking companies to land at a retailer. Just as physical products pass through this supply chain, so does software.

MOVEit Hack: Number of Impacted Organizations Exceeds 340

↺ MOVEit Hack: Number of Impacted Organizations Exceeds 340

> The number of entities impacted by the MOVEit hack — either directly or indirectly — reportedly exceeds 340 organizations and 18 million individuals.

Exploitation of ColdFusion Vulnerability Reported as Adobe Patches Another Critical Flaw

↺ Exploitation of ColdFusion Vulnerability Reported as Adobe Patches Another Critical Flaw

> Adobe patches critical code execution vulnerability in ColdFusion for which a proof-of-concept (PoC) blog exists.

Fortescue Metals admits it suffered breach, Cl0p claims credit

↺ Fortescue Metals admits it suffered breach, Cl0p claims credit

> "Importantly, our investigations showed that this information was not confidential in nature.

> "We notified the Australian Cyber Security Centre of the incident, and our internal investigation and remediation actions are now complete."

> Cl0P did not provide any further details about the quantum of data stolen, if any.

> It is unclear whether Cl0p attacked Fortescue through the secure managed file transfer software MOVEit Transfer or through some other vector.

Google virus database VirusTotal leaks subscriber information: report

↺ Google virus database VirusTotal leaks subscriber information: report

> The magazine said confidential information from the German Federal Office for Information Security or BSI had also been uploaded to the database.

↺ said

> Der Spiegel said it had verified that the names on the leaked list were authentic. "Twenty accounts alone lead to the Cyber Command of the USA, part of the American military and a hub for offensive and defensive hacking operations," the report said.

↺ said

Kali Linux and Man-in-the-Middle Attacks: Empowering Ethical Hackers

↺ Kali Linux and Man-in-the-Middle Attacks: Empowering Ethical Hackers

> Man in the middle attack is the most popular and dangerous attack in Local Area Network.

gemini.tuxmachines.org