-- Leo's gemini proxy
-- Connecting to gemini.tuxmachines.org:1965...
-- Connected
-- Sending request
-- Meta line: 20 text/gemini;lang=en-GB
Tux Machines
Posted by Roy Schestowitz on Apr 14, 2024
> A state-sponsored threat actor has been exploiting a zero-day in Palo Alto Networks firewalls for the past two weeks.
> Palo Alto Networks warns of limited exploitation of a critical command injection vulnerability leading to code execution on firewalls.
> Second identifier, CVE-2024-3272, assigned to unpatched D-Link NAS device vulnerabilities, just as exploitation attempts soar.
> Orrick, Herrington & Sutcliffe LLP will pay $8 million to settle consolidated class action claims over a data breach that impacted approximately 461,100 people.
> Class counsel asked the US District Court for the Northern District of California to approve the settlement in an unopposed motion filed Thursday.
> The agreement also calls for an award of attorneys’ fees of up to 25% of the settlement fund, and costs up to $50,000. The lead plaintiffs may seek service awards up to $2,500 each under the terms of the agreement.
> Marty Stempniak reports that physician practices are struggling from the financial impact of the Change Healthcare cyberattack in February. Smaller physician practices may be particularly hard-hit, with some considering closing, according to new data from the American Medical Association (AMA).
> The internet is far less secure than it ought to be.
> Researchers have uncovered a new variant of the Spectre v2 attack, a security flaw impacting Linux systems running on modern Intel processors. This variant dubbed the “first native Spectre v2 exploit,” leverages speculative execution to potentially steal sensitive data from the system kernel.
> The vulnerability is categorised as CVE-2023-6546 in Red Hat's bug tracker and is assigned a high priority and severity rating.
> A critical vulnerability in multiple programming languages allows attackers to inject commands in backdoored Windows applications.
> Checkmarx warns of a new attack relying on Microsoft's proprietary prison GitHub search manipulation to deliver malicious code.
-- Response ended
-- Page fetched on Sat Jun 1 18:52:51 2024