Tux Machines


Security Leftovers


Posted by Roy Schestowitz on Apr 14, 2024





Security Week ☛ State-Sponsored Hackers Exploit Zero-Day to Backdoor Palo Alto Networks Firewalls


> A state-sponsored threat actor has been exploiting a zero-day in Palo Alto Networks firewalls for the past two weeks.



Security Week ☛ Palo Alto Networks Warns of Exploited Firewall Vulnerability


> Palo Alto Networks warns of limited exploitation of a critical command injection vulnerability leading to code execution on firewalls.



Security Week ☛ Exploitation of Unpatched D-Link NAS Device Vulnerabilities Soars


> Second identifier, CVE-2024-3272, assigned to unpatched D-Link NAS device vulnerabilities, just as exploitation attempts soar.



Bloomberg ☛ Orrick to Pay $8 Million to Settle Data Breach Class Claims


> Orrick, Herrington & Sutcliffe LLP will pay $8 million to settle consolidated class action claims over a data breach that impacted approximately 461,100 people.


> Class counsel asked the US District Court for the Northern District of California to approve the settlement in an unopposed motion filed Thursday.


> The agreement also calls for an award of attorneys’ fees of up to 25% of the settlement fund, and costs up to $50,000. The lead plaintiffs may seek service awards up to $2,500 each under the terms of the agreement.



Small physician groups particularly vulnerable after Change Healthcare cyberattack; some consider bankruptcy


> Marty Stempniak reports that physician practices are struggling from the financial impact of the Change Healthcare cyberattack in February. Smaller physician practices may be particularly hard-hit, with some considering closing, according to new data from the American Medical Association (AMA).



Linux-Shaming (Mostly Misdirection of Blame)


Vox ☛ A hack nearly gained access to millions of computers. Here’s what we should learn from this.


> The internet is far less secure than it ought to be.



Medium ☛ New Spectre v2 Vulnerability Threatens Linux Systems on Intel CPUs [Ed: It's not the fault of Linux; this hardware is just defective by design]


> Researchers have uncovered a new variant of the Spectre v2 attack, a security flaw impacting Linux systems running on modern Intel processors. This variant dubbed the “first native Spectre v2 exploit,” leverages speculative execution to potentially steal sensitive data from the system kernel.



Notebook Check ☛ New Linux kernel vulnerability grants attackers root privileges


> The vulnerability is categorised as CVE-2023-6546 in Red Hat's bug tracker and is assigned a high priority and severity rating.



Windows TCO


Security Week ☛ ‘BatBadBut’ Command Injection Vulnerability Affects Multiple Programming Languages


> A critical vulnerability in multiple programming languages allows attackers to inject commands in backdoored Windows applications.



Security Week ☛ Threat Actors Manipulate Microsoft's proprietary prison GitHub Search to Deliver Malware


> Checkmarx warns of a new attack relying on Microsoft's proprietary prison GitHub search manipulation to deliver malicious code.



