Tux Machines

Security Leftovers

Posted by Roy Schestowitz on Jun 24, 2023

=> Today in Techrights | Ubuntu 23.10 (Mantic Minotaur) Is Now Powered by Linux Kernel 6.3

Apple fixes two flaws used to attack Kaspersky employees

=> ↺ Apple fixes two flaws used to attack Kaspersky employees

In 2015, Kaspersky exposed an entity it called the Equation Group, which has been long rumoured to be an internal NSA unit. The company also detailed how the Stuxnet operation was carried out to cripple Iran's nuclear reactors.

Deep Instinct uncovers new JavaScript-based malware dropper

=> ↺ Deep Instinct uncovers new JavaScript-based malware dropper

Threat protection startup Deep Instinct Ltd.'s Threat Research Lab today provided details of a new strain of JavaScript-based dropper that delivers two forms of malware onto victims' computers. Dubbed PindOS after a user-agent string of the same name in the code, the dropper contains comments in Russian and delivers Bumblebee and IcedID malware.

China-Linked APT15 Targets Foreign Ministries With ‘Graphican’ Backdoor

=> ↺ China-Linked APT15 Targets Foreign Ministries With ‘Graphican’ Backdoor

A Chinese hacking group flagged as APT15 is targeting foreign affairs ministries in the Americas with a new backdoor named Graphican.

North Korean Hackers Caught Using Malware With Microphone Wiretapping Capabilities

=> ↺ North Korean Hackers Caught Using Malware With Microphone Wiretapping Capabilities

A hacking group linked to the North Korean government has been caught using new malware with microphone wiretapping capabilities.

PoC Exploit Published for Cisco AnyConnect Secure Vulnerability

=> ↺ PoC Exploit Published for Cisco AnyConnect Secure Vulnerability

A security researcher has published proof-of-concept (PoC) exploit code targeting a recent high-severity vulnerability (CVE-2023-20178) in Cisco AnyConnect Secure.

14 Important Chromium Use-After-Free, Type Confusion Bugs Fixed

=> ↺ 14 Important Chromium Use-After-Free, Type Confusion Bugs Fixed

Fourteen important vulnerabilities have been discovered in Chromium, including multiple use-after-free and type confusion bugs. With a low attack complexity and a high confidentiality, integrity and availability impact, these issues have received a National Vulnerability Database severity rating of ''High''.

Bipartisan Bill Proposes Cybersecurity Funds for Rural Water Systems

=> ↺ Bipartisan Bill Proposes Cybersecurity Funds for Rural Water Systems

A new bill proposes to increase cybersecurity funding for rural water systems by $7.5 million dollars per year.

Federal incentives could help utilities overcome major cybersecurity hurdle: money

=> ↺ Federal incentives could help utilities overcome major cybersecurity hurdle: money

A new rule that would give electric utilities incentives for investing in cybersecurity is set to go into effect next month.

=> gemini.tuxmachines.org