Tux Machines
Posted by Roy Schestowitz on Jul 15, 2023
=> ↺ Security updates for Friday [LWN.net]
Security updates have been issued by Debian (lemonldap-ng and php-dompdf), Red Hat (.NET 6.0, .NET 7.0, firefox, and thunderbird), Scientific Linux (firefox and thunderbird), SUSE (ghostscript, installation-images, kernel, php7, python, and python-Django), and Ubuntu (linux-azure, linux-gcp, linux-ibm, linux-oracle, mozjs102, postgresql-9.5, and tiff).
=> ↺ Sex abuse victim’s details could be among hundreds revealed by data breach
A sex abuse survivor is one of “around 400” victims of a “chilling” data breach, it has emerged tonight.
The London Mayor’s Office blunder, currently under investigation, involves complaints about policing in the capital being made wrongly accessible via an official website. The survivor of sexual abuse has described her distress tonight.
The probe centres on the London Mayor’s Office online forms which were hosted by the Greater London Authority’s website.
=> ↺ Hillsborough notifies 70,000 of potential data breach in health, aging services
Hillsborough County has notified more than 70,000 people that a global data breach may have put their personal information at risk.
The breach involved the MOVEit file transfer tool, a third-party service that complies with federal Health Insurance Portability and Accountability Act (HIPAA) regulations.
The breach also may have affected 106 people employed by a dozen vendors used by the county’s Aging Services Department.
=> ↺ Citrix fixed a critical flaw in Secure Access Client for Ubuntu
Citrix addressed a critical vulnerability, tracked as CVE-2023-24492 (CVSS score of 9.6), affecting the Secure Access client for Ubuntu that could be exploited to achieve remote code execution.
An attacker can trigger the vulnerability by tricking the victim into opening a specially crafted link and accepting further prompts.
=> ↺ Benefit from Linux Security
The siloed security of traditional SAP environments is reaching its limits in an era of increasing interconnectivity between SAP and non-SAP systems. Will this lead to compromises in process landscape security?
The answer is no. Established security layers from the open source and Linux world are also certified for SAP landscapes. Supported by an automated solution, they can even simplify and increase IT security. There are many tried and tested features available for Linux that also improve IT security in a sustainable manner, which can now be increasingly curated and certified for use in SAP landscapes.
=> ↺ Fake Linux vulnerability exploit drops data-stealing malware
Cybersecurity researchers and threat actors are targeted by a fake proof of concept (PoC) CVE-2023-35829 exploit that installs a Linux password-stealing malware.
Uptycs analysts discovered the malicious PoC during their routine scans when detection systems flagged irregularities such as unexpected network connections, unauthorized system access attempts, and atypical data transfers.
=> ↺ Fake PoC for Linux Kernel Vulnerability on GitHub Exposes Researchers to Malware
In a sign that cybersecurity researchers continue to be under the radar of malicious actors, a proof-of-concept (PoC) has been discovered on GitHub, concealing a backdoor with a "crafty" persistence method.
They're not Linux routers, the issue is further up the stack, sometimes bad passwords. Anything to distract from what Microsoft just did to the US government? https://www.bleepingcomputer.com/news/security/avrecon-malware-infects-70-000-linux-routers-to-build-botnet/
=> ↺ AVrecon malware infects 70,000 Linux routers to build botnet
"We suspect the threat actor focused on the type of SOHO devices users would be less likely to patch against common vulnerabilities and exposures (CVEs)," Black Lotus Labs said.