Tux Machines

Security Leftovers

Posted by Roy Schestowitz on Nov 23, 2022

=> today's howtos | Servers: Kubernetes, Server-side WebAssembly, and More

Security updates for Wednesday [LWN.net]

=> ↺ Security updates for Wednesday [LWN.net]

Security updates have been issued by Debian (heimdal, libarchive, and nginx), Fedora (varnish-modules and xterm), Red Hat (firefox), Scientific Linux (firefox, hsqldb, and thunderbird), SUSE (Botan, colord, containerized-data-importer, ffmpeg-4, java-1_8_0-ibm, krb5, nginx, redis, strongswan, tomcat, and xtrabackup), and Ubuntu (apr-util, freerdp2, and sysstat).

QSB-087: Qrexec: Injection of unsanitized data into log output | Qubes OS

=> ↺ QSB-087: Qrexec: Injection of unsanitized data into log output | Qubes OS

We have just published Qubes Security Bulletin (QSB) 087: Qrexec: Injection of unsanitized data into log output. The text of this QSB is reproduced below. This QSB and its accompanying signatures will always be available in the Qubes Security Pack (qubes-secpack). More information about QSBs, including a complete historical list, is available here.

Hive ransomware actors have amassed $100m from 1,300 businesses: CIS [Ed: Microsoft Windows TCO]

=> ↺ Hive ransomware actors have amassed $100m from 1,300 businesses: CIS

Hive's ransomware affiliates have been seen attacking vulnerabilities in Microsoft Exchange Server and Fortinet VPNs

Ransomware incidents now make up majority of British government’s crisis management 'Cobra' meetings - The Record by Recorded Future [Ed: Microsoft Windows TCO]

=> ↺ Ransomware incidents now make up majority of British government’s crisis management 'Cobra' meetings - The Record by Recorded Future

Ransomware incidents in the United Kingdom are now so impactful that the majority of the British governments recent Cobra crisis management meetings have been convened in response to them rather than other emergencies.

=> gemini.tuxmachines.org