
Tux Machines


Security Leftovers


Posted by Roy Schestowitz on Jul 23, 2023





2023-07-19 [Older] Cyber Resilience Act & Free Software: Parliament waters down its own position





Microsoft 365 Breach Risk Widens to Millions of Azure AD Apps




> China-linked APT actors could have single-hop access to the gamut of Microsoft cloud services and apps, including SharePoint, Teams, and OneDrive, among many others.



Azure breach: Microsoft okays Wiz post on continued danger, then denies it




> The company is mentioned in that same post as having checked the content for technical accuracy. Shir Tamari, a researcher from cloud security firm Wiz, said very clearly: "..we want to thank the Microsoft team for working closely with us on this blog and helping us ensure it is technically accurate."




> Microsoft's obfuscation was made to the CIA-funded site, The Record. The software giant has not put out any official post on this. While some others have pointed out the company's double-speak on the issue, no American tech site has written it up and focused on the fact that Microsoft is saying one thing now, having said precisely the opposite earlier.




> The Record quotes a Microsoft spokesperson as saying: "Many of the claims made in this blog are speculative and not evidence-based. We’ve also recently expanded security logging availability, making it free for more customers by default, to help enterprises manage an increasingly complex threat landscape."





Meet the Finalists for the 2023 Pwnie Awards




> Hosts Sophia d'Antoine and Ian Roos presented the list at Summercon in Brooklyn, where they also handed out a surprise Lifetime Achievement Award.



Linux Kernel DoS, Privilege Escalation Bugs Fixed




> Multiple significant security vulnerabilities have been discovered in the Linux kernel, including a remotely exploitable null pointer dereference flaw in the networking protocol (CVE-2023-3338), use-after-free vulnerabilities in the kernel's netfilter subsystem in net/netfilter/nf_tables_api.c (CVE-2023-3390) and nft_chain_lookup_byid() (CVE-2023-31248), and an out-of-bounds read/write vulnerability (CVE-2023-35001). These bugs are easy to exploit and pose a severe risk to your system's confidentiality, integrity, and availability. As a result, they have received a National Vulnerability Database severity rating of "High".





-- Page fetched on Fri Jun 14 02:20:01 2024