Tux Machines

Security Leftovers

Posted by Roy Schestowitz on Sep 17, 2023

Programming Leftovers

Gemini Articles of Interest

GitHub fixes race condition that could have led to ‘repojacking’

↺ GitHub fixes race condition that could have led to ‘repojacking’

> A subtle flaw in how GitHub handled repository creation and user renaming could have had serious consequences for the open source community, but has now been fixed. Learn more about how it worked

Browser companies patch critical zero-day vulnerability

↺ Browser companies patch critical zero-day vulnerability

> While attack details remain unknown, Chrome, Edge and Firefox users are being urged to update their browsers as an exploit for CVE-2023-4863 lurks in the wild.

Google, Microsoft and Mozilla push browser updates to foil zero-day

↺ Google, Microsoft and Mozilla push browser updates to foil zero-day

> Google, Microsoft and Mozilla have all moved to patch a critical zero-day flaw affecting their browsers and potentially linked to the dissemination of malicious commercial spyware.

Zero-day affecting Chrome, Firefox and Thunderbird patched

↺ Zero-day affecting Chrome, Firefox and Thunderbird patched

> Mozilla on Tuesday patched an actively exploited zero-day bug affecting the Firefox browser and Thunderbird email client.

Harden Ubuntu Server to Secure Your Container and Other Deployments

↺ Harden Ubuntu Server to Secure Your Container and Other Deployments

> Ubuntu Server is one of the more popular operating systems used for container deployments.

When data becomes dangerous, and what to do about it

↺ When data becomes dangerous, and what to do about it

> Casmer spoke with theCUBE industry analyst Lisa Martin at the “Cybersecurity” AWS Startup Showcase event, during an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. They dove deep into how data becomes dangerous and discussed how to ensure data is safe to use. (* Disclosure below.)

Windows TCO

Las Vegas strip club offers free lap dances to customers affected by MGM Resorts cyberattack

↺ Las Vegas strip club offers free lap dances to customers affected by MGM Resorts cyberattack

> One strip club in Las Vegas is offering free lap dances to customers who are impacted by a cyberattack at MGM Resorts.

> Larry Flynt’s Hustler Club in Las Vegas says it’s offering free luggage storage and airport pickup for people who experience delays in check-in, as well as a complimentary $1,200 platinum VIP membership and lap dances, according to TMZ.

Extradited Russian Hacker Behind ‘NLBrute’ Malware Pleads Guilty

↺ Extradited Russian Hacker Behind ‘NLBrute’ Malware Pleads Guilty

> According to the Justice Department, Pankov made at least $350,000 from cybercrime activities between 2016 and 2019. He is believed to have developed and sold NLBrute, a tool that has been widely used by cybercriminals to obtain credentials.

> Pankov was charged with using NLBrute to obtain the login credentials of tens of thousands of computers located all over the world.

MGM [Crackers] Broadening Targets, Monetization Strategies

↺ MGM [Crackers] Broadening Targets, Monetization Strategies

> In addition to smishing and social engineering, the group was also observed using a credential harvesting tool, thoroughly searching through a victim’s internal systems to identify valid login information, using publicly available tools to harvest credentials from internal GitHub repositories, and the open source tool MicroBurst to identify Azure credentials and secrets.

gemini.tuxmachines.org