Tux Machines
Posted by Roy Schestowitz on Sep 14, 2023
=> ↺ Critical OpenDMARC DoS Bug Fixed
A critical vulnerability was found in the OpenDMARC open-source implementation of the DMARC specification. It was discovered that OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 incorrectly handled certain inputs, resulting in remote memory corruption in certain situations (CVE-2020-12460). This vulnerability has received a National Vulnerability Database base score of 9.8 out of 10 ("Critical" severity).
=> ↺ Linux Malware! Read This If You Use Free Download Manager
We do not often talk about Linux malware because it is often quickly patched up and not exploited much in the wild compared to Windows/macOS. However, there has been a concern regarding the Free Download Manager (a decently popular cross-platform download manager).
=> ↺ OpenSSF Gathers US Government and Industry Leaders at Secure Open Source Software Summit 2023 | ↺ doubling the bribes | ↺ buying more seats
=> ↺ Zero-Click Exploit in iPhones
Make sure you update your iPhones:
=> ↺ macOS Info-Stealer Malware ‘MetaStealer’ Targeting Businesses
The MetaStealer macOS information stealer has been targeting businesses to exfiltrate keychain and other valuable information.
=> ↺ CISA Releases Open Source Software Security Roadmap
CISA details its plan to support the open source software ecosystem and secure the use of open source software within the federal government.
=> ↺ Mozilla Security Blog: Version 2.9 of the Mozilla Root Store Policy
Online security is constantly evolving, and thus we are excited to announce the publication of MRSP version 2.9, demonstrating that we are committed to keeping up with the advancement of the web and further our commitment to a secure and trustworthy internet.
=> ↺ Cameron Kaiser: WebP chemspill patch on Github
A fix is in the TenFourFox tree for MFSA 2023-40, a/k/a CVE-2023-4863, which is a heap overflow in the WebP image decoder.
=> ↺ MFSA 2023-40 | ↺ CVE-2023-4863
=> ↺ Chrome, Firefox and other browsers affected by critical WebP vulnerability
Google LLC, the Mozilla Foundation and other browser makers have released patches to fix a zero-day vulnerability affecting the WebP image format. It’s believed that hackers are actively exploiting the flaw to launch cyberattacks.
=> ↺ DShield and qemu Sitting in a Tree: L-O-G-G-I-N-G, (Thu, Sep 14th)
This is a Guest Diary by Allen Ingle, an ISC intern as part of the SANS.edu BACS program.
=> ↺ BACS
=> ↺ China Denies Banning iPhones, but Cites Unspecified Security Concerns
The comments marked Beijing’s first public response to reports that some government agencies have told employees not to use iPhones for work.
=> ↺ China Says No Law Banning iPhone Use in Govt Agencies
China said it was following media reports about suspected security issues with iPhones but insisted there was no ban on its officials using the devices.
=> ↺ How Next-Gen Threats Are Taking a Page From APTs
Cybercriminals are increasingly trying to find ways to get around security, detection, intelligence and controls as APTs start to merge with conventional cybercrime.
=> ↺ Airbus Launches Investigation After Hacker Leaks Data
Airbus has launched an investigation after a hacker claimed to have breached the company’s systems and leaked some business documents.
=> ↺ China sets AI sights on democracies – reports
Microsoft and RAND Corp both warn of the potential of manipulation to swing votes.
=> ↺ It’s another Microsoft 365 outage again as Teams fails to send and receive messages
Microsoft 365 is down again today. That hardly sounds new or surprising to many as it is almost a weekly occurrence.
=> ↺ Microsoft September 2023 Patch Tuesday fixes 2 zero-days, 59 flaws
Today is Microsoft’s September 2023 Patch Tuesday, with security updates for 59 flaws, including two actively exploited zero-day vulnerabilities.