Tux Machines

Security Leftovers

Posted by Roy Schestowitz on Apr 25, 2023

=> today's howtos | Red Hat Leftovers

Lazarus Hackers’ Linux Malware Linked to 3CX Supply-Chain Attack [Ed: The issue here is 3CX, not "Linux"]

=> ↺ Lazarus Hackers’ Linux Malware Linked to 3CX Supply-Chain Attack

New cyber research connects the infamous North Korea-aligned Lazarus Group behind the Linux malware attack called Operation DreamJob to the 3CX supply-chain attack.

Blog: Updates to the Auto-refreshing Official CVE Feed

=> ↺ Blog: Updates to the Auto-refreshing Official CVE Feed

Since launching the Auto-refreshing Official CVE feed as an alpha feature in the 1.25 release, we have made significant improvements and updates. We are excited to announce the release of the beta version of the feed. This blog post will outline the feedback received, the changes made, and talk about how you can help as we prepare to make this a stable feature in a future Kubernetes Release.

=> ↺ Auto-refreshing Official CVE feed

=> ↺ Auto-refreshing Official CVE feed

Golang crypto/ecdh and the TPM

=> ↺ Golang crypto/ecdh and the TPM

I have lately been trying to learn more about the Trusted Platform Module (TPM) as they are capable of key creation and sealing secrets in a secure manner. They are common hardware these days and make for a reasonable ways to store secrets.

Mozilla confirms memory leak in Firefox

=> ↺ Mozilla confirms memory leak in Firefox

Mozilla confirmed a rare memory leak in recent versions of its open source web browser Firefox that occurs under rare conditions.

The organization released Firefox 112.0.1 a few days ago, the latest stable version of the web browser. The update addressed a issue related to cookies in Firefox. Affected Firefox versions would set the last used date of cookies thousands of years in the future, which had the result that users were logged out of web services.

=> gemini.tuxmachines.org