Tux Machines

Security Leftovers

Posted by Roy Schestowitz on Aug 09, 2023

Another round of speculative-execution vulnerabilities

=> ↺ Another round of speculative-execution vulnerabilities

A series of patches has landed in the mainline kernel, including one for gather data sampling mitigation and one to disable the AVX extension on CPUs where microcode mitigation is not available. "This is a big hammer. It is known to break buggy userspace that uses incomplete, buggy AVX enumeration."
Not to be left out, AMD processors suffer from a return-stack overflow vulnerability, again exploitable via speculative execution; this patch, also just merged, describes the problem and its mitigation.

Downfall Attacks

=> ↺ Downfall Attacks

Downfall attacks target a critical weakness found in billions of modern processors used in personal and cloud computers. This vulnerability, identified as CVE-2022-40982, enables a user to access and steal data from other users who share the same computer. For instance, a malicious app obtained from an app store could use the Downfall attack to steal sensitive information like passwords, encryption keys, and private data such as banking details, personal emails, and messages. Similarly, in cloud computing environments, a malicious customer could exploit the Downfall vulnerability to steal data and credentials from other customers who share the same cloud computer.
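Both items above (the LWN note on the GDS and AMD return-stack patches, and the Downfall summary) leave the practical question of what a given machine is actually running. The kernel reports its own view through files under /sys/devices/system/cpu/vulnerabilities: gather_data_sampling for Downfall and spec_rstack_overflow for the AMD issue, each holding a status string such as "Not affected", "Vulnerable", "Mitigation: Microcode" or, in the big-hammer case, "Mitigation: AVX disabled, no microcode". The script below is an added example for this roundup, not code from LWN, the Downfall authors or the kernel tree. It reads those two files, classifies the status, and cross-checks the AVX-disabled fallback against /proc/cpuinfo (if the kernel says AVX was switched off, the avx flag should be gone). The VULN_DIR and CPUINFO variables and the function names are this example's own; they exist so the same functions can be exercised against a constructed copy of the files rather than the live host.

```shell
#!/bin/sh
# Added example (not from the page or the kernel tree): read the kernel's
# sysfs reporting for Gather Data Sampling (Downfall, CVE-2022-40982) and
# AMD Speculative Return Stack Overflow, and cross-check the "AVX disabled"
# fallback against /proc/cpuinfo. The sysfs file names are the kernel's;
# the directory and cpuinfo path are parameters (an assumption of this
# example) so the functions can be run against constructed files.

# Print "<name>: <status>" for one vulnerability file, or a marker when
# the running kernel predates the file and does not report it.
report_vuln() {
    dir=$1; name=$2
    if [ -r "$dir/$name" ]; then
        printf '%s: %s\n' "$name" "$(cat "$dir/$name")"
    else
        printf '%s: not reported by this kernel\n' "$name"
    fi
}

# Collapse a status string into mitigated / vulnerable / unknown.
# "Not affected" and anything starting with "Mitigation:" count as
# mitigated; "Vulnerable..." as vulnerable; everything else (for example
# a guest whose state depends on the hypervisor's microcode) as unknown.
classify_status() {
    case $1 in
        "Not affected"|Mitigation:*) echo mitigated ;;
        Vulnerable*)                 echo vulnerable ;;
        *)                           echo unknown ;;
    esac
}

# Exit 0 if the cpuinfo file advertises the bare "avx" flag, 1 otherwise.
# The pattern requires whitespace on both sides so "avx2" does not match.
avx_advertised() {
    grep -Eq '^flags[[:space:]]*:.*[[:space:]]avx([[:space:]]|$)' "$1"
}

# Consistency check for the GDS big-hammer mode: when sysfs reports
# "Mitigation: AVX disabled, no microcode" the avx flag must be absent
# from cpuinfo. Echoes "consistent" or "inconsistent".
check_gds_avx() {
    dir=$1; cpuinfo=$2
    status=$(cat "$dir/gather_data_sampling" 2>/dev/null)
    case $status in
        "Mitigation: AVX disabled, no microcode")
            if avx_advertised "$cpuinfo"; then echo inconsistent; else echo consistent; fi ;;
        *) echo consistent ;;
    esac
}

main() {
    dir=${VULN_DIR:-/sys/devices/system/cpu/vulnerabilities}
    cpuinfo=${CPUINFO:-/proc/cpuinfo}
    for v in gather_data_sampling spec_rstack_overflow; do
        line=$(report_vuln "$dir" "$v")
        status=${line#*: }
        printf '%s [%s]\n' "$line" "$(classify_status "$status")"
    done
    if [ -r "$cpuinfo" ]; then
        printf 'GDS/AVX consistency: %s\n' "$(check_gds_avx "$dir" "$cpuinfo")"
    fi
}

main "$@"
```

Run it as root or any user (the sysfs files are world-readable). A status of "not reported by this kernel" means the kernel is older than the patches LWN describes, which is its own finding: the host cannot be relied on to have either mitigation, whatever its microcode says.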

Security updates for Tuesday

=> ↺ Security updates for Tuesday

Security updates have been issued by Debian (libhtmlcleaner-java and thunderbird), Red Hat (dbus, kernel, kernel-rt, kpatch-patch, and thunderbird), Scientific Linux (thunderbird), SUSE (chromium, gstreamer-plugins-bad, gstreamer-plugins-base, gstreamer-plugins-good, gstreamer-plugins-ugly, kernel-firmware, libqt5-qtbase, libqt5-qtsvg, librsvg, pcre2, perl-Net-Netmask, qt6-base, and thunderbird), and Ubuntu (firefox).

Researchers find active campaigns exploiting two Kubernetes misconfigurations

=> ↺ Researchers find active campaigns exploiting two Kubernetes misconfigurations

Aqua Security on Tuesday reported that at least 60% of the Kubernetes clusters they researched were breached and had an active campaign with deployed malware and backdoors.
In a release Aug. 8, Aqua Nautilus researchers explained that the exposures were caused by two misconfigurations, which emphasized how known and unknown misconfigurations are actively exploited in the wild and can have harmful consequences to corporate networks.

Outrage at massive police data breach that saw the personal details of more than 10,000 PSNI officers and staff accidentally published online

=> ↺ Outrage at massive police data breach that saw the personal details of more than 10,000 PSNI officers and staff accidentally published online

Police in Northern Ireland have been involved in a data breach ‘of monumental proportions’ affecting thousands of officers and civilian staff.
The major breach reportedly involves names, ranks and other personal data from employees of the Police Service of Northern Ireland (PSNI), but does not involve the officers’ and civilians’ private addresses, it is understood.
Containing the surnames of more than 10,000 staff, the data was mistakenly divulged in response to a Freedom of Information request and appears to cover everyone within the service, from chief constable Simon Byrne down.

Oregon Sports Medicine allegedly hit by 8Base threat actors

=> ↺ Oregon Sports Medicine allegedly hit by 8Base threat actors

The listing indicates that the data were downloaded today and will be published on August 13 (presumably if there is no payment by then).
DataBreaches sent an inquiry to Oregon Sports Medicine seeking confirmation or denial of the claims and additional information but no reply was received.
SOCRadar has a recent article on 8Base, a group that has been around since 2022 but has seemingly become more publicly active in recent months. The Hacker News also provides coverage that includes links to a number of articles about the group.

New PaperCut Vulnerability Allows Remote Code Execution

=> ↺ New PaperCut Vulnerability Allows Remote Code Execution

A new vulnerability in the PaperCut MF/NG print management software can be exploited for unauthenticated, remote code execution.

CISA Unveils Cybersecurity Strategic Plan for Next 3 Years

=> ↺ CISA Unveils Cybersecurity Strategic Plan for Next 3 Years

CISA has unveiled its Cybersecurity Strategic Plan for the next 3 years, focusing on addressing immediate threats, hardening the terrain, and driving security.

Colorado Department of Higher Education Discloses Ransomware Attack, Data Breach

=> ↺ Colorado Department of Higher Education Discloses Ransomware Attack, Data Breach

The Colorado Department of Higher Education was targeted in a ransomware attack that resulted in a data breach impacting many students and teachers.

CISA: Beware of the malicious boot loader

=> ↺ CISA: Beware of the malicious boot loader

The U.S. Cybersecurity and Infrastructure Security Agency has issued a call to action to beef up security of a little-known but important piece of software that can be found in every computer.

PSNI: Major data breach identifies thousands of officers and civilian staff - BBC News

=> ↺ PSNI: Major data breach identifies thousands of officers and civilian staff - BBC News

A top officer apologises for the breach affecting police and employees in Northern Ireland.

A new campaign targets Redis servers, this time the malware employed in the attacks is a new variant of the SkidMap malware. [Ed: Patched a long time ago]

=> ↺ A new campaign targets Redis servers, this time the malware employed in the attacks is a new variant of the SkidMap malware.

Skidmap is a crypto-miner detected by Trend Micro in September 2019 while it was targeting Linux machines. The malicious code used kernel-mode rootkits to evade detection; it differs from similar miners in the way it loads malicious kernel modules.
Trustwave researchers spotted a new, improved, and dangerous Skidmap variant, which was designed to target a wide range of Linux distributions, including Alibaba, Anolis, openEuler, EulerOS, Steam, CentOS, RedHat, and Rock.

New SkidMap Linux Malware Variant Targeting Vulnerable Redis Servers [Ed: The issue here is long-unpatched Redis, not "Linux"]

=> ↺ New SkidMap Linux Malware Variant Targeting Vulnerable Redis Servers

"The malicious nature of this malware is to adapt to the system on which it is executed," Trustwave security researcher Radoslaw Zdonczyk said in an analysis published last week.

New InstallAware X16: Build 16 Times Faster, macOS/Linux Targets

=> ↺ New InstallAware X16: Build 16 Times Faster, macOS/Linux Targets

InstallAware X16 launching on Friday this week builds packages 16 (sixteen) times faster using its new Parallel Build Engine, recompiles Windows setups for macOS and Linux.

Mozilla VPN client security on Linux is broken with no patch in sight

=> ↺ Mozilla VPN client security on Linux is broken with no patch in sight

Mozilla VPN is a service offering security, reliability, and speed on every device, "everywhere you go." However, if you use SUSE Linux, wherever you go there's a dangerous security flaw in the service's client putting everything at risk.
For the past few months, the Linux version of the Mozilla VPN client has been affected by a dangerous security issue within the software's authentication process. The bug could easily be exploited to do very nasty things with the system and users' accounts, but Mozilla still has to provide a proper fix. The maximum embargo period of 90 days is over, so the developers have now disclosed the full details about the vulnerability.

Cyberattack shuts down Bnei Brak hospital’s computers

=> ↺ Cyberattack shuts down Bnei Brak hospital’s computers

Mayanei Hayeshua Medical Center in Bnei Brak was hit by a cyberattack on Monday night, Israel’s Health Ministry announced on Tuesday morning. The hospital’s administrative computers were shut down in what was described as a ransomware attack.
The ultra-Orthodox hospital, located east of Tel Aviv, said medical equipment was not affected by the attack and that patients are being treated. But the ministry instructed that the center’s outpatient clinics and imaging centers not accept patients and that the public not go to its emergency room until further notice.

=> gemini.tuxmachines.org

Proxy Information
Original URL
gemini://gemini.tuxmachines.org/n/2023/08/09/Security_Leftovers.1.gmi