Tux Machines

Security Leftovers

Posted by Roy Schestowitz on May 11, 2023

=> Lighttpd 1.4.70, FreeBSD, and Geckodriver 0.33.0 | Ubuntu Studio, More Ubuntu Derivatives/Favours, and Ubuntu on Lenovo ThinkStation and ThinkPad Workstations

AWS open-sources snapshot fuzzing and policy authorization tools

=> ↺ AWS open-sources snapshot fuzzing and policy authorization tools

Amazon Web Services Inc. said today that it’s open-sourcing two new projects, including a new fuzzing tool for finding vulnerabilities in software and an authorization policy language for controlling application access.

Sec firm Dragos says threat actor failed in extortion bid after attack

=> ↺ Sec firm Dragos says threat actor failed in extortion bid after attack

The threat actor claimed in a post on the dark web that more than 130GB of data was exfiltrated from the company. The post was included in a tweet from vx-underground which publishes data about malware source code, samples, and papers.

Microsoft issues optional fix for Secure Boot zero-day used by malware

=> ↺ Microsoft issues optional fix for Secure Boot zero-day used by malware

Microsoft has released security updates to address a Secure Boot zero-day vulnerability exploited by BlackLotus UEFI malware to infect fully patched Windows systems.

Microsoft’s May Patch Tuesday Fixes 38 Flaws, Including Active Zero-Day Bug [Ed: Newer bug doors ready to deploy on PCs]

=> ↺ Microsoft’s May Patch Tuesday Fixes 38 Flaws, Including Active Zero-Day Bug

Microsoft has rolled out Patch Tuesday updates for May 2023 to address 38 security flaws, including one zero-day bug that it said is being actively exploited in the wild.

=> gemini.tuxmachines.org