Tux Machines
Posted by Roy Schestowitz on Mar 22, 2023
=> PostgreSQL: CloudNativePG Releases, JDBC 42.6.0, and pgBadger 12.1 | today's howtos
=> ↺ Not applying updates? You're doing it wrong
All your excuses for not doing updates—from fear of downtime to concerns about testing—are wrong.
=> ↺ QSB-088: Two Xen issues affecting PV (stub-)domains (XSA-428, XSA-429)
We have published Qubes Security Bulletin (QSB) 088: Two Xen issues affecting PV (stub-)domains (XSA-428, XSA-429). The text of this QSB and its accompanying cryptographic signatures are reproduced below. For an explanation of this announcement and instructions for authenticating this QSB, please see the end of this announcement.
=> ↺ Qubes Security Bulletin (QSB) 088: Two Xen issues affecting PV (stub-)domains (XSA-428, XSA-429)
=> ↺ Qubes Security Bulletin (QSB) 088: Two Xen issues affecting PV (stub-)domains (XSA-428, XSA-429)
=> ↺ XSAs released on 2023-03-21
The Xen Project has released one or more Xen security advisories (XSAs). The security of Qubes OS is affected. Therefore, user action is required.
=> ↺ Xen Project | ↺ Xen security advisories (XSAs)
The following XSAs do affect the security of Qubes OS:
=> ↺ Xen Project | ↺ Xen security advisories (XSAs)
=> ↺ Ransomware Gang Publishes Data Allegedly Stolen From Maritime Firm Royal Dirkzwager
The Play ransomware gang has published data stolen from Dutch maritime services company Royal Dirkzwager.
=> ↺ Exploitation of 55 Zero-Day Vulnerabilities Came to Light in 2022: Mandiant
Mandiant has conducted an analysis of the zero-day vulnerabilities disclosed in 2022 and over a dozen were linked to cyberespionage groups.
=> ↺ Malicious NuGet Packages Used to Target .NET Developers
Software developers have been targeted in a new attack via malicious packages in the NuGet repository.
=> ↺ Fear of feds leads to stolen data site BreachForums being shut down
The new admin, who goes by the handle Baphomet, said in a statement posted on the forum that shutting down the sire was the only safe decision after it had been confirmed that the FBI had access to the machine of Pompompurin, the original administrator of the site.
=> ↺ Ferrari discloses ‘cyber incident’ that involved a ransom demand
Italian vehicle manufacturer Ferrari S.p.A. has disclosed that it has suffered a "cyber incident" that involved a threat actor with a ransom demand related to certain client contact details. Upon receipt of the ransom demand, the company launched an investigation with an outside cybersecurity firm.
=> ↺ Hackers increasingly use phone and email harassment to extort ransom payments
=> ↺ Google Pixel Vulnerability Allows Recovery of Cropped Screenshots
A vulnerability in Google Pixel phones allows for the recovery of an original, unedited screenshot from the cropped version.
=> ↺ Forbes Cybersecurity Trends For 2023 Meet Purism Supply Chain Security Standards!
PureOS Offers End-to-End Supply Chain Software and Firmware Security According to the Forbes Article, “Cybersecurity Trends - Statistics for 2023”, there are eight macro risks to watch out for in 2023 according to the Bipartisan Policy Research Center which include the following: Evolving Geopolitical Environment- Supply chain threats due to the Russian Ukraine war.
=> ↺ Organizations Notified of Remotely Exploitable Vulnerabilities in Aveva HMI, SCADA Products
Industrial organizations using HMI and SCADA products from Aveva have been informed about potentially serious vulnerabilities.
=> ↺ Ferrari Says Ransomware Attack Exposed Customer Data
Ferrari said that a ransomware attack was responsible for a data breach that exposed customer details, but did not impact company operations.
=> ↺ Hacker tied to D.C. Health Link breach says attack ‘born out of Russian patriotism’
The hacker who took responsibility for the D.C. Health Link breach claims to have targeted U.S. politicians out of allegiance for Russia.
=> gemini.tuxmachines.org This content has been proxied by September (3851b).Proxy Information
text/gemini;lang=en-GB