Tux Machines

Security Leftovers

Posted by Roy Schestowitz on Oct 27, 2022

=> Hans de Goede and Drew DeVault Kernel Hacking (UPDATED) | Android Leftovers

Running sudo without updating cached credentials | Sudo

=> ↺ Running sudo without updating cached credentials | Sudo

One of the recurring questions at conferences was whether there is a way to check cached sudo credentials without updating them. Version 1.9.12 of sudo introduces the -N option which makes this possible, and also allows running any commands without updating the cached credentials.

Security updates for Thursday

=> ↺ Security updates for Thursday

Security updates have been issued by CentOS (389-ds-base, bind, expat, java-1.8.0-openjdk, java-11-openjdk, libksba, and squid), Debian (chromium, libdatetime-timezone-perl, tzdata, and wordpress), Fedora (dbus, dhcp, dotnet3.1, jhead, samba, and strongswan), Mageia (virtualbox), Oracle (device-mapper-multipath), Scientific Linux (device-mapper-multipath and thunderbird), Slackware (curl), SUSE (container-suseconnect, curl, kernel, libmad, libtasn1, libtirpc, qemu, rubygem-puppet, SUSE Manager Client Tools, and telnet), and Ubuntu (curl, linux-intel-iotg, and mysql-5.7).

Ransomware: Open Source to the Rescue [Ed: Microsoft Windows TCO]

=> ↺ Ransomware: Open Source to the Rescue

In the US, Colonial pipeline is seeking tax reductions from the loss incurred by the 2021 ransomware campaign they were victims of. But wait… to what extent is the government (and, by extension, every taxpayer) is then indirectly sponsoring cybercrime?

Researchers Expose Over 80 ShadowPad Malware C2 Servers[Ed: Microsoft Windows TCO]

=> ↺ Researchers Expose Over 80 ShadowPad Malware C2 Servers

British Hacker Charged for Operating "The Real Deal" Dark Web Marketplace

=> ↺ British Hacker Charged for Operating "The Real Deal" Dark Web Marketplace

Furthermore, the indictment accuses Kaye of conniving with one or more persons going by the name "thedarkoverlord" to sell Social Security numbers, not to mention launder the cryptocurrency proceeds of the sale through mixing services like Bitmixer.io to obscure the money trails.

CISA Releases Four Industrial Control Systems Advisories | CISA

=> ↺ CISA Releases Four Industrial Control Systems Advisories | CISA

CISA has released four (4) Industrial Control Systems (ICS) advisories on October 27, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

=> gemini.tuxmachines.org

Proxy Information

Original URL: gemini://gemini.tuxmachines.org/n/2022/10/27/Security_Leftovers.2.gmi
Status Code: Success (20)
Meta: text/gemini;lang=en-GB
Capsule Response Time: 143.694867 milliseconds
Gemini-to-HTML Time: 0.988949 milliseconds

This content has been proxied by September (3851b).