Tux Machines
Posted by Roy Schestowitz on Apr 21, 2023
=> ↺ Microsoft Will Name Threat Actors After Weather Events
Microsoft plans to use weather-themed naming of APT actors as part of a move to simplify the way threat actors are documented.
=> ↺ Optus sued by ‘vulnerable’ victims of data breach
Former and current customers whose personal information including key identity documents was compromised during the Optus data breach have launched a lawsuit against the telco.
=> ↺ Phylum Adds Open Policy Agent to Open Source Analysis Engine
The software supply chain security firm adds the Open Policy Agent to its risk analysis engine, increasing flexibility for the creation and enforcement of custom policies on the use of open source software.
=> ↺ VMware Patches Pre-Auth Code Execution Flaw in Logging Product
VMware warns of two critical vulnerabilities -- CVE-2023-20864 and CVE-2023-20865 -- in the VMware Aria Operations for Logs product.
=> ↺ Cisco Patches Critical Vulnerabilities in Industrial Network Director, Modeling Labs
Cisco this week released patches for critical-severity vulnerabilities impacting its Industrial Network Director and Modeling Labs applications.
=> ↺ Air Force Unit in Document Leaks Case Loses Intel Mission
The Air Force is investigating how a lone airman could access and distribute possibly hundreds of highly classified documents, and in the meantime has taken away the intelligence mission from the unit where the leaks took place.
=> ↺ A brief look at SUSE’s CVE tracking process for automotive
What is a CVE? When a security vulnerability in a given software package becomes known, a response must be mounted in order to minimize the probability of malicious actors gaining access to protected computer systems and networks.
=> ↺ 3CX supply chain attack was the result of a previous supply chain attack, Mandiant says
The incident is the first known case of one supply chain attack leading to a second supply chain attack.
=> ↺ Linux malware from Lazarus Group resembles tools used in 3CX compromise
=> ↺ Cascading Supply Chain Attack: 3CX Hacked After Employee Downloaded Trojanized App
3CX hack is the first known cascading supply chain attack, with the breach starting after an employee downloaded compromised software from a different firm.
=> ↺ Lazarus Group Adds Linux Malware to Arsenal in Operation Dream Job
The notorious North Korea-aligned state-sponsored actor known as the Lazarus Group has been attributed to a new campaign aimed at Linux users.
=> ↺ Lazarus hackers now push Linux malware via fake job offers
This new targeting was discovered by ESET's researchers, who say it also helps confirm with high confidence that Lazarus conducted the recent supply-chain attack on VoIP provider 3CX.
=> ↺ Linux malware strengthens links between Lazarus and the 3CX supply‑chain attack
=> ↺ 3CX Breach Was a Double Supply Chain Compromise
We learned some remarkable new details this week about the recent supply-chain attack on VoIP software provider 3CX, a complex, lengthy intrusion that has the makings of a cyberpunk spy novel: North Korean hackers using legions of fake executive accounts on LinkedIn to lure people into opening malware disguised as a job offer; malware targeting Mac and Linux users working at defense and cryptocurrency firms; and software supply-chain attacks nested within earlier supply chain attacks.
=> ↺ Fortra Completes Investigation Into GoAnywhere Zero-Day Incident
Fortra has shared a summary of its investigation into the GoAnywhere zero-day incident that hit dozens of the company’s customers earlier this year.
=> ↺ PaperCut Warns of Exploited Vulnerability in Print Management Solutions
Print management solutions provider PaperCut warns that exploitation of a recently patched vulnerability has commenced.
=> ↺ UK Warns of Russian Hackers Targeting Critical Infrastructure
The UK government's information security arm warns of Russian state-aligned groups aiming to disrupt and destroy critical infrastructure in Western countries.
=> ↺ How endoflife.date Can Help You Find Out When Your Tech Support Will End
Some companies will tell you when support ends before a product is released. Canonical, for instance, gives a five-year support and updates guarantee for Ubuntu LTS releases, although this can be extended by another ten years with an Ubuntu Pro subscription.