Tux Machines
Posted by Roy Schestowitz on Aug 12, 2023
=> Today in Techrights | today's leftovers
=> ↺ Windows ransomware thrives in APJ with LockBit leading the way
The golden age of Windows ransomware appears to be here, judging by the statistics provided by content delivery network Akamai in its latest State of the Internet report that spans the period from October 2021 to the end of May 2023.
=> ↺ XSAs released on 2023-08-08
The Xen Project has released one or more Xen security advisories (XSAs).
=> ↺ Xen Project | ↺ Xen security advisories (XSAs)
=> ↺ Xen Project | ↺ Xen security advisories (XSAs)
We have published Qubes Security Bulletin 093: Transient execution vulnerabilities in AMD and Intel CPUs (CVE-2023-20569/XSA-434, CVE-2022-40982/XSA-435). The text of this QSB and its accompanying cryptographic signatures are reproduced below. For an explanation of this announcement and instructions for authenticating this QSB, please see the end of this announcement.
=> ↺ Intel's Arc Alchemist GPUs Have Hidden Security Flaws
Intel Arc A770 and A750 vulnerabilities allow authenticated users to enable denial of service or information disclosure.
=> ↺ Intel Addresses 80 Firmware, Software Vulnerabilities
Intel has addressed 80 vulnerabilities affecting its products, including 18 high-severity privilege escalation and DoS flaws.
=> ↺ Google unveils 'Downfall' attacks, vulnerability in Intel chips
Google researcher Daniel Moghimi first reported CVE-2022-40982 and the resulting data leak attacks to Intel in August 2022, but it's taken nearly 12 months to disclose the flaw.
=> ↺ Intel 'Downfall' bug exposes keys, passwords and other confidential data
A microcode update has been released to address the issue
=> ↺ In Other News: macOS Security Reports, Keyboard Spying, VPN Vulnerabilities
Weekly cybersecurity news roundup that provides a summary of noteworthy stories that might have slipped under the radar for the week of August 7, 2023.
=> ↺ Northern Ireland’s Top Police Officer Apologizes for ‘Industrial Scale’ Data Breach
Northern Ireland’s top police officer apologized for what he described as an “industrial scale” data breach in which the personal information of more than 10,000 officers and staff was released to the public.
=> ↺ MoustachedBouncer: Foreign Embassies in Belarus Likely Targeted via ISPs
MoustachedBouncer is a cyberespionage group that targets foreign diplomats in Belarus via ISP adversary-in-the-middle attacks.
=> ↺ A new White House order is taking aim at investment in Chinese tech. How will it actually work?
A new executive order restricting outbound investment seeks to address narrow national security threats posed to the United States by China.
=> ↺ The US plans to clamp down on American investment in Chinese tech
The White House is set to unveil restrictions on US investment in sensitive Chinese technology, Reuters reported, in an effort to limit the flow of US capital and know-how to China.
=> ↺ CISA Warns Organizations of Exploited Vulnerability Affecting .NET, Visual Studio
CISA has added CVE-2023-38180, a zero-day vulnerability affecting .NET and Visual Studio, to its Known Exploited Vulnerabilities Catalog.
=> ↺ SAP Patches Critical Vulnerability in PowerDesigner Product
SAP has fixed over a dozen new vulnerabilities with its Patch Tuesday updates, including a critical flaw in its PowerDesigner product.
=> gemini.tuxmachines.org This content has been proxied by September (ba2dc).Proxy Information
text/gemini;lang=en-GB