-- Leo's gemini proxy
-- Connecting to gemini.tuxmachines.org:1965...
-- Connected
-- Sending request
-- Meta line: 20 text/gemini;lang=en-GB
Tux Machines
Posted by Roy Schestowitz on Jul 29, 2023
> Security updates have been issued by Debian (kernel and libmail-dkim-perl), Fedora (openssh), and SUSE (kernel).
> Kaspersky introduces support for Linux in their Kaspersky Embedded Systems Security product. This adaptable, multi-layered solution now provides optimized security for embedded Linux-based systems, devices and scenarios, in compliance with the rigorous regulatory standards so often applicable to these systems. The product provides optimum protection for every device it secures – whatever its power level – against the latest cyberthreats directed at today’s Linux systems.
> The Centers for Medicare and Medicaid (CMS) has posted a notice on its site about a data breach at one of its contractors, Maximus Federal Services, Inc. Maximus was one of hundreds of victims of a 0day attack on MOVEit file transfer software by the Clop ransomware gang.
> Maximus detected unusual activity on May 30 and reported the incident to CMS on June 2. CMS estimates that approximately 645,000 Medicare numbers had their information caught up in the attack.
↺ SSNDOB Marketplace Admin Pleads Guilty To Charges Related To His Operation Of A Series Of Websites
> July 25 — Tampa, Florida – United States Attorney Roger B. Handberg, along with Special Agent in Charge Kareem Carter for the IRS – Criminal Investigation Washington D.C. Field Office, and Special Agent in Charge David Walker for the FBI – Tampa Division, announces that Vitalii Chychasov (37, Ukraine) has pleaded guilty to conspiracy to commit access device fraud and trafficking in unauthorized access devices relating to his administration of SSNDOB Marketplace, a series of websites that operated for years and were used to sell personal information, including the names, dates of birth, and Social Security numbers belonging to individuals in the United States. The SSNDOB Marketplace has listed the personal information for millions of individuals in the United States, generating more than $19 million in sales revenue. On June 7, 2022, seizure orders were executed against the domain names of the SSNDOB Marketplace, effectively ceasing the website’s operation.
> Middle and high school students in the Lebanon School District are expected to receive their grades for the academic year that ended in June next week. The delayed release comes after some of the district’s key systems were taken offline as a precaution following a June cyberattack.
> PowerSchool, a student information database where students and families can go to see grades, is expected to be back online for families on Friday, Aug. 4, according to Superintendent Amy Allen, a former assistant superintendent in Manchester who started work in Lebanon on July 1. Report cards for elementary school students were sent home at the end of the school year, but older students have yet to receive their grades.
> An Axis network door controller vulnerability can be exploited to target facilities, exposing them to both physical and cyber threats.
> A spokesperson for Maximus' Australian operations told iTWire: "MAX, part of Maximus, does not use the MOVEit platform in Australia, and as a result, no MAX customers were impacted.”
> Cl0P now appears to have delisted Maximus from its web site, one of 11 companies whose names have been removed after being listed, according to ransomware threat researcher Brett Callow.
> {loadposition sam08}Set up in 1975, Maximus has more than 39.000 employers and its annual revenue is claimed to be US$4.25 billion (A$6.3 billion).
> The US Securities and Exchange Commission (SEC) wants public companies to be more transparent and forthcoming about “material cybersecurity incidents,” the federal agency said yesterday (July 26).
> The SEC has adopted new rules requiring public companies to disclose cybersecurity breaches that have a material impact within four days.
> Over 900,000 devices are impacted by an arbitrary code execution vulnerability in MikroTik RouterOS.
> New rules require publicly traded companies to disclose cybersecurity breaches within four days of them being deemed material.
> Director Christopher Wray said "AI will enable threat actors to develop increasingly powerful, sophisticated, customizable, and scalable capabilities."
> The best virtual private networks (VPNs) for Linux mask your IP address and encrypt your data to provide an enhanced level of privacy when working on the operating system, particularly when you’re connected to a public network. They also allow you to watch geo-blocked content and bypass censorship to access websites that might be disallowed due to your home IP address. Some even go a step further to provide firewall, antivirus, anti-rootkit and tripwire services.
> This review looks at the best Linux VPN clients for hiding your traffic from prying eyes and gaining access to additional content, or both. Read on to learn more about these services, including how they work and how to set them up.
> One thing stands as an unbroken fact in the broad digital ecosystem where data flows continuously and cyber dangers abound – the critical significance of protecting your Linux Virtual Private Server (VPS).
> A flaw was found in the handling of stack expansion in the Linux kernel 6.1 through 6.4, aka "Stack Rot". The maple tree, responsible for managing virtual memory areas, can undergo node replacement without properly acquiring the MM write lock, leading to use-after-free issues. An unprivileged local user could use this flaw to compromise the kernel and escalate their privileges.
> For those who are interested in the gory details of how the StackRot vulnerability works, Ruihan Li has posted a detailed writeup of the bug and how it can be exploited.
-- Response ended
-- Page fetched on Sat Jun 1 08:57:00 2024