Tux Machines

Security Leftovers

Posted by Roy Schestowitz on Apr 13, 2023, updated Apr 13, 2023


Google Cloud beefs up open-source software security with Assured OSS packages [Ed: Google puts back doors in things. Don't position it in a role where it gets to say which Free software is "safe" and which is "unsafe" (sigStore).]

=> ↺ Google Cloud beefs up open-source software security with Assured OSS packages

Google Cloud wants to help improve the security of the most widely used open-source software, and to do so it's making its Assured Open Source Software service generally available for Java and Python ecosystems.

Google Cloud offers Assured Open Source Software for free [Ed: Don't fall for it. Google works for the state, which mandates back doors. Google and Microsoft (NPM/GitHub) are not suitable stewards.]

=> ↺ Google Cloud offers Assured Open Source Software for free

In the face of growing risks from open-source software dependencies, Google Cloud is releasing its Assured Open Source Software (Assured OSS) service for Java and Python ecosystems at no cost.

Fortinet Patches Critical Vulnerability in Data Analytics Solution

=> ↺ Fortinet Patches Critical Vulnerability in Data Analytics Solution

A critical vulnerability in Fortinet’s FortiPresence data analytics solution leads to remote, unauthenticated access to Redis and MongoDB instances.

400,000 Users Hit by Data Breach at Media Player Maker Kodi

=> ↺ 400,000 Users Hit by Data Breach at Media Player Maker Kodi

Media player maker Kodi has started rebuilding its user forum after hackers stole databases containing user posts, messages, and login credentials.

Windows Zero-Day Exploited in Nokoyawa Ransomware Attacks

=> ↺ Windows Zero-Day Exploited in Nokoyawa Ransomware Attacks

A Windows zero-day tracked as CVE-2023-28252 and fixed by Microsoft with its April Patch Tuesday updates has been exploited in Nokoyawa ransomware attacks.

Details Emerge on Israeli Spyware Vendor QuaDream and Its iOS Malware [Ed: Microsoft is commandeering or setting the agenda at Citizen Lab now?]

=> ↺ Details Emerge on Israeli Spyware Vendor QuaDream and Its iOS Malware

Microsoft and Citizen Lab release information on the activities, malware and victims of Israeli spyware vendor QuaDream.

Remotely Exploitable Chromium DoS, Info Disclosure Vulns Fixed

=> ↺ Remotely Exploitable Chromium DoS, Info Disclosure Vulns Fixed

[...]
Many of the vulnerabilities have been rated by the National Vulnerability Database as having a critical or high severity, and have a high confidentiality, integrity and availability impact.

Cybersecurity teams struggle to monitor vulnerabilities amid budget cuts and layoffs

=> ↺ Cybersecurity teams struggle to monitor vulnerabilities amid budget cuts and layoffs

Penetration testing-as-a-service company Cobalt Labs Inc. detailed in a new report today the impact of budget cuts and talent shortages in the cybersecurity industry and it's not good news: Cyber teams are struggling to manage the remediation process and monitor for vulnerabilities.

FBI Advising People to Avoid Public Charging Stations

=> ↺ FBI Advising People to Avoid Public Charging Stations

The FBI is warning people against using public phone-charging stations, worrying that the combination power-data port can be used to inject malware onto the devices: [...]

=> ↺ FBI is warning people


Mandiant Also Links 3CX Supply Chain Attack to North Korean Hackers

=> ↺ Mandiant Also Links 3CX Supply Chain Attack to North Korean Hackers

3CX has confirmed previous reports that the recently disclosed supply chain attack was likely conducted by North Korean hackers.

SAP Patches Critical Vulnerabilities in Diagnostics Agent, BusinessObjects

=> ↺ SAP Patches Critical Vulnerabilities in Diagnostics Agent, BusinessObjects

Two critical vulnerabilities in SAP Diagnostics Agent allow attackers to execute malicious commands on all monitored systems.
