Tux Machines

Security Leftovers

Posted by Roy Schestowitz on Jan 30, 2025

LWN ☛ Security updates for Wednesday

=> ↺ Security updates for Wednesday

Security updates have been issued by AlmaLinux (bzip2, gimp:2.8, keepalived, mariadb:10.11, mariadb:10.5, python-jinja2, and redis), Debian (iperf3, libtar, and pdns-recursor), Fedora (abseil-cpp, dotnet8.0, dotnet9.0, golang, libsoup3, and vaultwarden), Oracle (gimp:2.8, iperf3, keepalived, kernel, redis:7, and unbound), Red Hat (libsoup), SUSE (amazon-ssm-agent, go1.22, go1.23, iperf, java-21-openjdk, nginx, openvpn, and python311-asteval), and Ubuntu (kernel, libmicrodns, linux, linux-aws, linux-aws-hwe, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux, linux-azure, linux-gcp, linux-gcp-5.15, linux-gke, linux-gkeop, linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-intel-iotg, linux-intel-iotg-5.15, linux-kvm, linux-lowlatency, linux-raspi, linux, linux-azure, linux-gcp, linux-gcp-6.8, linux-gke, linux-gkeop, linux-hwe-6.8, linux-ibm, linux-lowlatency, linux-nvidia, linux-nvidia-6.8, linux-nvidia-lowlatency, linux-oracle, linux-oracle-6.8, linux-raspi, linux, linux-azure, linux-gcp, linux-oem-6.11, linux-raspi, linux-realtime, linux, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-oem-6.8, rsync, and tcpreplay).

CNX Software ☛ The Deauther Watch V4S IR is a Wi-Fi hacker watch that can run up to 21 scripts via IR remote for wireless and HID attacks

=> ↺ The Deauther Watch V4S IR is a Wi-Fi hacker watch that can run up to 21 scripts via IR remote for wireless and HID attacks

We previously wrote about the Deauther Watch X used for wireless pentesting. The company has now released the Deauther Watch V4S IR, a Wi-Fi hacker watch with a built-in infrared (IR) remote control for executing several scripts stored on a microSD card.

Security Week ☛ New SLAP and FLOP CPU Attacks Expose Data From Fashion Company Apple Computers, Phones

=> ↺ New SLAP and FLOP CPU Attacks Expose Data From Fashion Company Apple Computers, Phones

New CPU side-channel attacks named SLAP and FLOP can be exploited to remotely steal data from Fashion Company Apple mobile and desktop devices.

Tom's Hardware ☛ Apple silicon is vulnerable to side-channel speculative execution attacks "FLOP" and "SLAP"

=> ↺ Apple silicon is vulnerable to side-channel speculative execution attacks "FLOP" and "SLAP"

Apple Silicon is extra prone to stolen information thanks to some yet-unpatched speculative execution attacks.

OpenSSF (Linux Foundation) ☛ OpenSSF Community Day NA 2025: Call for Proposals Now Open!

=> ↺ OpenSSF Community Day NA 2025: Call for Proposals Now Open!

The Call for Proposals (CFP) for OpenSSF Community Day North America is officially open through March 23, 2025!

LWN ☛ Credential-leaking vulnerability in some Git credential managers

=> ↺ Credential-leaking vulnerability in some Git credential managers

Security researcher RyotaK has shared a series of vulnerabilities that all have to do with how Git interfaces with external credential managers. In short, while Git guards against newline characters (\n) being injected into a repository's URL, some programming languages also treat carriage return characters (\r) as being newlines.

=> ↺ has shared

Windows TCO / Windows Bot Nets

SANS ☛ From PowerShell to a Python Obfuscation Race, (Wed, Jan 29th)

=> ↺ From PowerShell to a Python Obfuscation Race, (Wed, Jan 29th)

Attackers like to mix multiple technologies to improve the deployment of their malicious code. I spotted a small script that drops a Python malware.

More Incidents

Security Week ☛ New Zyxel Zero-Day Under Attack, No Patch Available

=> ↺ New Zyxel Zero-Day Under Attack, No Patch Available

GreyNoise reports active exploitation of a newly discovered zero-day vulnerability in Zyxel CPE devices. There are no patches available.

Security Week ☛ Aquabot Botnet Targeting Vulnerable Mitel Phones

=> ↺ Aquabot Botnet Targeting Vulnerable Mitel Phones

The Mirai-based Aquabot botnet has been targeting a vulnerability in Mitel SIP phones for which a proof-of-concept (PoC) exploit exists.

Security Week ☛ Smiths Group Scrambling to Restore Systems Following Cyberattack

=> ↺ Smiths Group Scrambling to Restore Systems Following Cyberattack

Engineering firm Smiths Group has disclosed a cyberattack that forced it to take some systems offline and activate business continuity plans.

Security Week ☛ Rockwell Patches Critical, High-Severity Vulnerabilities in Several Products

=> ↺ Rockwell Patches Critical, High-Severity Vulnerabilities in Several Products

Rockwell Automation has released six new security advisories to inform customers about several critical and high-severity vulnerabilities.

Security Week ☛ SimpleHelp Remote Access Software Exploited in Attacks

=> ↺ SimpleHelp Remote Access Software Exploited in Attacks

Threat actors have been exploiting SimpleHelp remote access software shortly after the disclosure of three vulnerabilities.
