Security Leftovers
-
Pen Test Partners ☛ Navigating the perilous waters of conference invitations
TL;DR Being asked to speak at events is great… except when it looks like a scam or a phishing attempt
-
Ubuntu Responds to More libde265 Vulnerabilities
Recently, the Ubuntu security team released updates aimed at mitigating libde265 vulnerabilities across several releases, including Ubuntu 23.10, Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, Ubuntu 18.04, and Ubuntu 16.04. These vulnerabilities pose significant risks, including denial of service attacks and potential execution of arbitrary code when specially crafted files are opened.
-
LWN ☛ Security updates for Thursday
Security updates have been issued by Debian (chromium and openvswitch), Fedora (chromium, python-multipart, thunderbird, and xen), Mageia (java-17-openjdk and screen), Red Hat (.NET 7.0, .NET 8.0, kernel-rt, kpatch-patch, postgresql:13, and postgresql:15), Slackware (expat), SUSE (glibc, python-Django, python-Django1, sudo, and vim), and Ubuntu (expat, linux-ibm, linux-ibm-5.4, linux-oracle, linux-oracle-5.4, linux-lowlatency, linux-raspi, python-cryptography, texlive-bin, and xorg-server).
-
Scoop News Group ☛ FCC approves cybersecurity label for consumer devices
The U.S. Cyber Trust Mark aims to provide consumers with a better understanding of the security of their Internet of Things devices.
-
Security Week ☛ Chrome’s Standard Safe Browsing Now Has Real-Time URL Protection [Ed: Chrome itself is unsafe, however, as it is practically spyware]
Chrome’s standard Safe Browsing protections now provide real-time malicious site detection and Password Checkup on iOS now flags weak passwords.
-
Security Week ☛ Cisco Patches High-Severity IOS RX Vulnerabilities
Cisco releases patches for high-severity denial-of-service and elevation of privilege vulnerabilities in IOS RX software.
-
Federal News Network ☛ FedRAMP acting director Conrad to step down
Brian Conrad, the acting director of the FedRAMP cloud security program, has led several modernization initiatives over the last three years.
-
Security Week ☛ Boat Dealer MarineMax Hit by Cyberattack
MarineMax, one of the world’s largest retailers of recreational boats and yachts, discloses a cyberattack.
-
NHS Scotland hit by ‘ongoing’ cyber attack amid fears hackers have stolen patients’ personal data
A Scots health board has been hit by an ongoing cyber attack.
Hackers targeted NHS Dumfries and Galloway and may have accessed patient data.
Staff have been urged to stay alert for any attempts to access their information.
The “focused” attack is being probed by Police Scotland and the National Cyber Security Agency.