Tux Machines

Security Leftovers

Posted by Roy Schestowitz on Jul 13, 2024

=> Open Hardware: RISC-V, Raspberry Pi, and Arduino | Fedora Project and Red Hat Leftovers

SANS ☛ Attacks against the "Nette" PHP framework CVE-2020-15227, (Fri, Jul 12th)

=> ↺ Attacks against the "Nette" PHP framework CVE-2020-15227, (Fri, Jul 12th)

Today, I noticed some exploit attempts against an older vulnerability in the "Nette Framework", CVE-2020-15227 [...]

Hackaday ☛ This Week In Security: Blast-RADIUS, Gitlab, And Plormbing

=> ↺ This Week In Security: Blast-RADIUS, Gitlab, And Plormbing

The RADIUS authentication scheme, short for “Remote Authentication Dial-In User Service”, has been widely deployed for user authentication in all sorts of scenarios. It’s a bit odd, in that individual users authenticate to a “RADIUS Client”, sometimes called a Network Access Server (NAS). In response to an authentication request, a NAS packages up the authentication details, and sends it to a central RADIUS server for verification. The server then sends back a judgement on the authentication request, and if successful the user is authenticated to the NAS/client.
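The NAS-to-server exchange described in that excerpt, as an added example in Python that is not part of the Hackaday article or of this post: the NAS builds an Access-Request, the server answers Access-Accept or Access-Reject, and each side checks the other's authenticator before trusting the packet. The Response Authenticator is the RFC 2865 MD5 construction over the reply plus the shared secret; the Message-Authenticator attribute (type 80, RFC 2869) is the HMAC-MD5 that binds the whole packet to the secret. The shared secret, identifiers, user table and the fixed request authenticator are constructed values for this example.

```python
import hashlib
import hmac
import os
import struct

# Constructed values for this example; a real deployment has a per-NAS secret.
SECRET = b"example-shared-secret"
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
USER_NAME, MESSAGE_AUTHENTICATOR = 1, 80
HEADER = struct.Struct("!BBH")  # Code, Identifier, Length


def attr(attr_type, value):
    """Encode one attribute as Type, Length (including the 2-byte header), Value."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def encode_attrs(attributes, zero_ma=False):
    """Serialise [(type, value)] pairs; optionally blank the Message-Authenticator."""
    out = b""
    for t, v in attributes:
        if zero_ma and t == MESSAGE_AUTHENTICATOR:
            v = b"\x00" * 16
        out += attr(t, v)
    return out


def packet(code, identifier, authenticator, attr_bytes):
    return HEADER.pack(code, identifier, 20 + len(attr_bytes)) + authenticator + attr_bytes


def parse(pkt):
    """Split a packet into (code, identifier, authenticator, [(type, value), ...])."""
    code, identifier, length = HEADER.unpack(pkt[:4])
    attrs, pos = [], 20
    while pos < length:
        t, l = pkt[pos], pkt[pos + 1]
        attrs.append((t, pkt[pos + 2:pos + l]))
        pos += l
    return code, identifier, pkt[4:20], attrs


def message_authenticator(code, identifier, request_auth, attributes, secret):
    """RFC 2869: HMAC-MD5(secret, Code+ID+Length+RequestAuth+Attributes) with the
    Message-Authenticator value treated as sixteen zero octets."""
    body = encode_attrs(attributes, zero_ma=True)
    header = HEADER.pack(code, identifier, 20 + len(body))
    return hmac.new(secret, header + request_auth + body, hashlib.md5).digest()


def response_authenticator(code, identifier, request_auth, attr_bytes, secret):
    """RFC 2865: MD5(Code+ID+Length+RequestAuth+Attributes+Secret) for replies."""
    header = HEADER.pack(code, identifier, 20 + len(attr_bytes))
    return hashlib.md5(header + request_auth + attr_bytes + secret).digest()


def build_access_request(identifier, request_auth, username, secret):
    """NAS side: package the user's details, then sign the packet with the secret."""
    attrs = [(USER_NAME, username), (MESSAGE_AUTHENTICATOR, b"\x00" * 16)]
    ma = message_authenticator(ACCESS_REQUEST, identifier, request_auth, attrs, secret)
    attrs[1] = (MESSAGE_AUTHENTICATOR, ma)
    return packet(ACCESS_REQUEST, identifier, request_auth, encode_attrs(attrs))


def server_handle(request, secret, allowed_users):
    """RADIUS server side: verify the request, then return a signed verdict (or None to drop)."""
    code, identifier, request_auth, attrs = parse(request)
    if code != ACCESS_REQUEST:
        return None
    by_type = dict(attrs)
    ma = by_type.get(MESSAGE_AUTHENTICATOR)
    if ma is None or not hmac.compare_digest(
            ma, message_authenticator(code, identifier, request_auth, attrs, secret)):
        return None  # bad or missing signature: silently discard, as RFC 2865 requires
    verdict = ACCESS_ACCEPT if by_type.get(USER_NAME) in allowed_users else ACCESS_REJECT
    reply_attrs = [(MESSAGE_AUTHENTICATOR, b"\x00" * 16)]
    reply_ma = message_authenticator(verdict, identifier, request_auth, reply_attrs, secret)
    body = encode_attrs([(MESSAGE_AUTHENTICATOR, reply_ma)])
    resp_auth = response_authenticator(verdict, identifier, request_auth, body, secret)
    return packet(verdict, identifier, resp_auth, body)


def client_verify(reply, request_auth, secret):
    """NAS side: True/False for a verdict whose authenticators check out, None otherwise."""
    code, identifier, resp_auth, attrs = parse(reply)
    body = encode_attrs(attrs)
    expected = response_authenticator(code, identifier, request_auth, body, secret)
    if not hmac.compare_digest(resp_auth, expected):
        return None
    ma = dict(attrs).get(MESSAGE_AUTHENTICATOR)
    if ma is None or not hmac.compare_digest(
            ma, message_authenticator(code, identifier, request_auth, attrs, secret)):
        return None
    return code == ACCESS_ACCEPT


if __name__ == "__main__":
    request_auth = os.urandom(16)  # fresh, unpredictable per request
    req = build_access_request(1, request_auth, b"alice", SECRET)
    print(client_verify(server_handle(req, SECRET, {b"alice"}), request_auth, SECRET))
```

The NAS keeps the Request Authenticator it sent and reuses it to check the reply, so a verdict forged or altered in transit, or one produced with the wrong secret, is rejected rather than acted on; `hmac.compare_digest` keeps the comparison constant-time.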

LWN ☛ Security updates for Friday

=> ↺ Security updates for Friday

Security updates have been issued by Debian (apache2), Fedora (mingw-python3 and python-urllib3), Oracle (dotnet6.0, dotnet8.0, fence-agents, openssh, pki-core, and virt:ol and virt-devel:rhel), SUSE (apache2, firefox, libvpx, oniguruma, python-zipp, python310, thunderbird, and tomcat10), and Ubuntu (apache2, apport, linux, linux-azure, linux-gcp, linux-ibm, linux-intel, linux-lowlatency, linux-oem-6.8, linux-raspi, linux, linux-gcp, linux-nvidia-6.5, linux-raspi, linux-gke, and python-django).

Security Week ☛ In Other News: Apple’s Spyware Warning, CDK Global Ransom Payment, Sibanye Cyberattack

=> ↺ In Other News: Apple’s Spyware Warning, CDK Global Ransom Payment, Sibanye Cyberattack

Noteworthy stories that might have slipped under the radar: Abusive Monopolist Microsoft details Rockwell HMI vulnerabilities, smart grills hacked, Predator spyware activity drops.

Federal News Network ☛ DHS official details efforts to harmonize cyber incident reporting rules

=> ↺ DHS official details efforts to harmonize cyber incident reporting rules

DHS cyber lead Iranga Kahangama also says the proposed cyber incident reporting rule is not "simply a land grab," as some criticize it for being overly broad.

Security Week ☛ Critical Exim Flaw Allows Attackers to Deliver Malicious Executables to Mailboxes

=> ↺ Critical Exim Flaw Allows Attackers to Deliver Malicious Executables to Mailboxes

Successful exploitation could allow attackers to deliver executable attachments to inboxes.

Security Week ☛ CISA Red Team Exercise Finds Critical Vulnerabilities in Federal Civilian Agency

=> ↺ CISA Red Team Exercise Finds Critical Vulnerabilities in Federal Civilian Agency

CISA says a SILENTSHIELD red team assessment found gaping holes in the security posture of a federal civilian executive branch organization.

Security Week ☛ Millions Impacted by Breach at Advance Auto Parts Linked to Snowflake Incident

=> ↺ Millions Impacted by Breach at Advance Auto Parts Linked to Snowflake Incident

Advance Auto Parts says the personal information of 2.3 million was compromised after hackers accessed its Snowflake account.

New York Times ☛ AT&T Says Phone Data of ‘Nearly All’ Customers Was Breached in 2022

=> ↺ AT&T Says Phone Data of ‘Nearly All’ Customers Was Breached in 2022

More than 100 million customers’ phone records were exposed, but the breach did not include contents of calls, texts or data such as Social Security numbers and passwords.

=> gemini.tuxmachines.org
