Tux Machines

Security Leftovers

Posted by Roy Schestowitz on Nov 13, 2024

=> Programming Leftovers | Linux Devices and Open Hardware

Netcraft ☛ How to Prevent Phishing Attacks

=> ↺ How to Prevent Phishing Attacks

The strategy used depends on the nature of the threat actors carrying out the attack, their motives, and their objectives.

While the first strategy falls under the primary remit of your security team and is often well understood, less is known and practiced with regards to the second. Phishing attacks that target your customers are more nebulous. Not only can they be much harder to detect, classify, and remediate, addressing them requires a more diverse stakeholder mix (beyond the security team alone).

Phishing attacks that target your customers—be they buyers or users—can have far-reaching consequences.

QSB-106: Information disclosure through uninitialized memory in libxl

=> ↺ QSB-106: Information disclosure through uninitialized memory in libxl

We have published Qubes Security Bulletin (QSB) 106: Information disclosure through uninitialized memory in libxl. The text of this QSB and its accompanying cryptographic signatures are reproduced below, followed by a general explanation of this announcement and authentication instructions.

=> ↺ Qubes Security Bulletin (QSB) 106: Information disclosure through uninitialized memory in libxl

=> ↺ Qubes Security Bulletin (QSB) 106: Information disclosure through uninitialized memory in libxl

SANS ☛ Microsoft November 2024 Patch Tuesday, (Tue, Nov 12th)

=> ↺ Microsoft November 2024 Patch Tuesday, (Tue, Nov 12th)

This month, Abusive Monopolist Microsoft is addressing a total of 83 vulnerabilities. Among these, 3 are classified as critical, 2 have been exploited in the wild, and another 2 have been disclosed prior to Patch Tuesday. Organizations are encouraged to prioritize these updates to mitigate potential risks and enhance their security posture.

Education

Light Blue Touchpaper ☛ 3rd edition of Ross Anderson’s Security Engineering now freely available for download | Light Blue Touchpaper

=> ↺ 3rd edition of Ross Anderson’s Security Engineering now freely available for download | Light Blue Touchpaper

Ross Anderson had agreed with his publisher, Wiley, that he would be able to make all chapters of the 3rd edition of his book Security Engineering available freely for download from his website. These PDFs are now available there.

=> gemini.tuxmachines.org