Tux Machines

Security Leftovers

Posted by Roy Schestowitz on May 18, 2023

Security updates for Wednesday

=> ↺ Security updates for Wednesday

Security updates have been issued by Debian (netatalk), Mageia (connman, firefox/nss/rootcerts, freeimage, golang, indent, kernel, python-django, python-pillow, and thunderbird), Red Hat (apr-util, firefox, java-1.8.0-ibm, libreswan, and thunderbird), SUSE (conmon, curl, java-11-openjdk, and libheif), and Ubuntu (libwebp, linux, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15, linux-hwe-5.15, linux-ibm, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-oracle, linux, linux-aws, linux-aws-hwe, linux-kvm, linux, linux-aws, linux-azure, linux-azure-5.19, linux-kvm, linux-lowlatency, linux-raspi, node-eventsource, and openjdk-8, openjdk-lts, openjdk-17, openjdk-20).

WordPress 6.2.1 Maintenance & Security Release

=> ↺ WordPress 6.2.1 Maintenance & Security Release

WordPress 6.2.1 is now available! This minor release features 20 bug fixes in Core and 10 bug fixes for the block editor. You can review a summary of the maintenance updates in this release by reading the Release Candidate announcement. This release also features several security fixes.

Freexian Collaborators: Monthly report about Debian Long Term Support, April 2023 (by Roberto C. Sánchez)

=> ↺ Freexian Collaborators: Monthly report about Debian Long Term Support, April 2023 (by Roberto C. Sánchez)

Improvements to PPA management in 23.10

=> ↺ Improvements to PPA management in 23.10

We’re excited to announce the release of software-properties 0.99.37, just uploaded to mantic-proposed! This update brings a significant change to how PPAs are managed on Ubuntu systems, thanks to the hard work of @enr0n.
In previous versions of Ubuntu, PPAs were managed through a traditional .list file located at /etc/apt/sources.list.d/, accompanied by a gpg keyring at /etc/apt/trusted.gpg.d.

XSAs released on 2023-05-16

=> ↺ XSAs released on 2023-05-16

The Xen Project has released one or more Xen security advisories (XSAs).

=> ↺ Xen Project | ↺ Xen security advisories (XSAs)

The security of Qubes OS is not affected.
Therefore, no user action is required.

It’s always DNS, here’s why…

=> ↺ It’s always DNS, here’s why…

Another issue with the Cyber Resilience Act: European standards bodies are inaccessible to Open Source projects

=> ↺ Another issue with the Cyber Resilience Act: European standards bodies are inaccessible to Open Source projects

Europe's standards bodies have no functional relationships with Open Source charities and do not consult them.

We need more breach transparency, but a lot of obstacles are in the way

=> ↺ We need more breach transparency, but a lot of obstacles are in the way

Teltonika Vulnerabilities Could Expose Thousands of Industrial Organizations to Remote Attacks

=> ↺ Teltonika Vulnerabilities Could Expose Thousands of Industrial Organizations to Remote Attacks

Critical vulnerabilities found in Teltonika products by industrial cybersecurity firms Otorio and Claroty expose thousands of internet-exposed devices to attacks.

New Babuk-Based Ransomware Targeting Organizations in US, Korea

=> ↺ New Babuk-Based Ransomware Targeting Organizations in US, Korea

An emerging ransomware gang called RA Group is targeting organizations in the US and South Korea.

Lancefly APT Targeting Asian Government Organizations for Years

=> ↺ Lancefly APT Targeting Asian Government Organizations for Years

A threat actor tracked as Lancefly has been targeting government organizations in South and Southeast Asia for at least three years.

Notice relating to privacy breach

=> ↺ Notice relating to privacy breach

On Thursday 11 May 2023 Ambulance Victoria (AV) was made aware that documents containing personal information of some current and prospective employees were accessible to other AV employees on the AV intranet.
The documents contained the alcohol and other drug testing results of approximately 600 job applicants undertaken between May 2017 and October 2018. The documents included first name, last name, date of test, results (negative or non-negative, which meant further testing was required) and, where applicable, the class of drug detected and whether AV standards were met or further lab results required.

North Korea and Russia, notorious for hacking, team up on cybersecurity proposal

=> ↺ North Korea and Russia, notorious for hacking, team up on cybersecurity proposal

North Korea has thrown its weight behind a Russian effort to shore up global cyber “stability and security,” Moscow announced Tuesday, forming an unlikely coalition of states better known for instigating cyberattacks than stopping them.

The Downs School, hit by possible cyber attack, seeking help from West Berkshire Council, the Department for Education and cyber security experts

=> ↺ The Downs School, hit by possible cyber attack, seeking help from West Berkshire Council, the Department for Education and cyber security experts

"As I am sure you can appreciate, last week was extremely challenging for the school staff, who had to adapt very quickly to the absence of IT across the school," wrote headteacher Chris Prosser. "I would like to take this opportunity to commend my staff for their flexibility, courage and determination to ensure the continuation of the education of our students."

AG Platkin Co-Leads $2.5-Million Multistate Settlement with EyeMed Over Data Breach that Compromised the Personal Information of Millions of Patients

=> ↺ AG Platkin Co-Leads $2.5-Million Multistate Settlement with EyeMed Over Data Breach that Compromised the Personal Information of Millions of Patients

Attorney General Matthew J. Platkin announced today that New Jersey is co-leading, with Oregon and Florida, an overall $2.5-million settlement with EyeMed Vision Care (“EyeMed”) that resolves an investigation into a data breach that compromised the personal and medical information of approximately 2.1 million people, including more than 52,000 from New Jersey. Pennsylvania also joined in the multistate settlement.

Keeping a competitive edge in the cybersecurity ‘game’ [Ed: "This article was produced by Microsoft Federal, for CyberScoop." So a site that claims to be for security prints crap from a back doors proponent.]

=> ↺ Keeping a competitive edge in the cybersecurity ‘game’

White House plan to implement cyber strategy includes ambitious digital education effort [Ed: But not deleting Microsoft and Windows?]

=> ↺ White House plan to implement cyber strategy includes ambitious digital education effort
