Tux Machines

Security Leftovers

Posted by Roy Schestowitz on Nov 10, 2022

Warning: New Massive Malicious Campaigns Targeting Top Indian Banks' Customers

Hacker Rewarded $70,000 for Finding Way to Bypass Google Pixel Phones' Lock Screens

Google has resolved a high-severity security issue affecting all Pixel smartphones that could be trivially exploited to unlock the devices.
The vulnerability, tracked as CVE-2022-20465 and reported by security researcher David Schütz in June 2022, was remediated as part of the search giant's monthly Android update for November 2022.

Security updates for Thursday [LWN.net]

Security updates have been issued by Debian (libjettison-java and xorg-server), Slackware (sysstat and xfce4), SUSE (python3 and xen), and Ubuntu (firefox).

Citrix Issues Patches for Critical Flaw Affecting ADC and Gateway Products [Ed: When proprietary 'security' products are themselves the security hole]

Citrix has released security updates to address a critical authentication bypass flaw in the application delivery controller (ADC) and Gateway products that could be exploited to take control of affected systems.

CISA Releases SSVC Methodology to Prioritize Vulnerabilities | CISA

Today CISA published its guide on Stakeholder-Specific Vulnerability Categorization (SSVC), a vulnerability management methodology that assesses vulnerabilities and prioritizes remediation efforts based on exploitation status, impacts to safety, and prevalence of the affected product in a singular system.

Researchers Uncover PyPI Package Hiding Malicious Code Behind Image File [Ed: Microsoft (GitHub) is distributing malware again (while censoring perfectly legitimate projects and code for phony reasons)]

Even more troublingly, such malicious libraries can be incorporated into other open source projects and published on GitHub, effectively broadening the scope and scale of the attacks.

Cisco Releases Security Updates for Multiple Products | CISA

A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.

CISA Releases Twenty Industrial Control Systems Advisories | CISA

CISA has released twenty (20) Industrial Control Systems (ICS) advisories on November 10, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

CISA Updates Advisory on Threat Actors Exploiting Multiple CVEs Against Zimbra Collaboration Suite | CISA

CISA and the Multi-State Information Sharing & Analysis Center (MS-ISAC) have updated joint Cybersecurity Advisory AA22-228A: Threat Actors Exploiting Multiple CVEs Against Zimbra Collaboration Suite, originally released August 16, 2022.
