Tux Machines

Security Leftovers

Posted by Roy Schestowitz on Aug 06, 2023

=> Windows TCO: Major Microsoft Breach and Wasting KDE's Time | My time on the IBM Linux Impact Team, and legacy

Vim Code Execution, DoS Vulns Fixed

=> ↺ Vim Code Execution, DoS Vulns Fixed

Several denial of service (DoS) and code execution vulnerabilities have been discovered in the Vim enhanced vi editor.

Microsoft Criticized Over Handling of Critical Power Platform Vulnerability

=> ↺ Microsoft Criticized Over Handling of Critical Power Platform Vulnerability

A critical Microsoft Power Platform vulnerability exposed authentication data and other secrets, but the tech giant has been accused of handling it poorly.

Google Awards Over $60,000 for V8 Vulnerabilities Patched With Chrome 115 Update [Ed: Better headline: Chrome is full of holes, so Google changes the news cycle to make it sound serious about security and very generous]

=> ↺ Google Awards Over $60,000 for V8 Vulnerabilities Patched With Chrome 115 Update

Google has paid out over $60,000 for three high-severity type confusion vulnerabilities in Chrome’s V8 engine.

Points.com Vulnerabilities Allowed Customer Data Theft, Rewards Program Hacking

=> ↺ Points.com Vulnerabilities Allowed Customer Data Theft, Rewards Program Hacking

Multiple vulnerabilities in the airline and hotel rewards platform points.com could have led to personal information theft and unauthorized administrative access.

n00b’s guide to DEF CON. Surviving the Matrix of the underground

=> ↺ n00b’s guide to DEF CON. Surviving the Matrix of the underground

Ah, DEF CON, the world’s largest hacker convention, a beacon for the diverse spectrum of cybersecurity enthusiasts.

PTP at DEF CON 31 2023

=> ↺ PTP at DEF CON 31 2023

Come and see us at the Aerospace Village, at Caesars Forum. Aerospace Village Fri 11th to Sun 13th Activity Take off in an A320 with hacked engine performance calculator.

Decommissioned Medical Infusion Pumps Expose Wi-Fi Configuration Data

=> ↺ Decommissioned Medical Infusion Pumps Expose Wi-Fi Configuration Data

Medical infusion pumps available via secondary market sources contain Wi-Fi configuration settings from the original organization.

Dozens of RCE Vulnerabilities Impact Milesight Industrial Router

=> ↺ Dozens of RCE Vulnerabilities Impact Milesight Industrial Router

Cisco Talos researchers warn of dozens of critical- and high-severity vulnerabilities in the Milesight UR32L industrial router leading to code execution.

Jailbreaking Tesla Infotainment Systems

=> ↺ Jailbreaking Tesla Infotainment Systems

With newer cars being computers on wheels, some manufacturers are using software to put features behind a paywall or thwarting DIY repairs. Industrious hackers security researchers have taken it upon themselves to set these features free by hacking a Tesla infotainment system. (via Electrek)

Unpatchable AMD Chip Flaw Unlocks Paid Tesla Feature Upgrades

=> ↺ Unpatchable AMD Chip Flaw Unlocks Paid Tesla Feature Upgrades

Researchers have uncovered a way to unlock Tesla's paid upgrades.

Threat Actors Abuse Cloudflare Tunnel for Persistent Access, Data Theft

=> ↺ Threat Actors Abuse Cloudflare Tunnel for Persistent Access, Data Theft

Threat actors have been observed abusing the open source Cloudflare Tunnel tool Cloudflared to maintain stealthy, persistent access to compromised systems.

Critical OpenSSH RCE Bugs Fixed

=> ↺ Critical OpenSSH RCE Bugs Fixed

Two critical remote code execution (RCE) vulnerabilities have been found in OpenSSH (CVE-2023-28531 and CVE-2023-38408). Because these bugs are simple to exploit and pose a severe threat to impacted systems' confidentiality, integrity, and availability, they have received a National Vulnerability Database base score of 9.8 out of 10 (''Critical'' severity).

=> gemini.tuxmachines.org