-- Leo's gemini proxy
-- Connecting to gemini.tuxmachines.org:1965...
-- Connected
-- Sending request
-- Meta line: 20 text/gemini;lang=en-GB
Tux Machines
Posted by Roy Schestowitz on Aug 05, 2023
> Last week, my spam trap caught an e-mail with LNK attachment, which turned out to be quite interesting.
> Microsoft claims it has completely fixed a critical security issue in its Azure cloud platform, found in March by researchers from security firm Tenable, who then told Microsoft about it. Tenable chief executive and chairman Amit Yoran had claimed in a blog post on Wednesday that it took more than 90 days for Microsoft to effect a partial fix.
> This is a classic problem: One day, you create an account on a website (ex: an online shop), and later, this website is compromised. All credentials are collected and shared by the attacker. To reduce this risk, a best practice is to avoid password re-use (as well as to not use your corporate email address for non-business-related stuff).
> Exploitation of the Ivanti EPMM flaw CVE-2023-35078 is picking up as a new critical vulnerability tracked as CVE-2023-35082 is disclosed.
> Five Eyes government agencies have published a list of the software vulnerabilities that were most frequently exploited in malicious attacks in 2022.
> CISA disclosed 670 ICS vulnerabilities in the first half of 2023, but roughly one-third have no patches or mitigations from the vendor.
> Security updates have been issued by CentOS (bind and kernel), Debian (cjose, firefox-esr, ntpsec, and python-django), Fedora (chromium, firefox, librsvg2, and webkitgtk), Red Hat (firefox), Scientific Linux (firefox and openssh), SUSE (go1.20, ImageMagick, javapackages-tools, javassist, mysql-connector-java, protobuf, python-python-gflags, kernel, openssl-1_1, pipewire, python-pip, and xtrans), and Ubuntu (cargo, rust-cargo, cpio, poppler, and xmltooling).
> Onwuchekwa Nnanna Kalu, 39, a Nigerian National from Rivers State, Nigeria, pleaded guilty today to stealing $1.25 million from an investment firm located in Boston, through a business email compromise (“BEC”) scam. The plea was announced by U.S. Attorney Matthew M. Graves and Acting Special Agent in Charge David Geist, of the FBI Washington Field Office's Criminal and Cyber Division.
> Nnanna Kalu pleaded guilty in the District of Columbia to one count of wire fraud. U.S. District Court Judge Randolph D. Moss scheduled a sentencing hearing for November 29, 2023. Kalu was arrested in 2022 and has been detained by the Court as a risk of flight.
> A news release issued by the Colorado Department of Higher Education is notifying the public of a “data incident.”
> KKTV 11 News is working to learn more about the situation, but the release reads as follows:
> The Colorado Department of Higher Education (“CDHE”) is providing notice of a cybersecurity incident that may involve the personal information of certain individuals. CDHE is providing information about the measures it has taken in response to the incident, and steps impacted individuals may take to protect themselves against possible misuse of information.
-- Response ended
-- Page fetched on Sat Jun 1 07:27:59 2024