💾 Archived View for gemini.tuxmachines.org › n › 2023 › 07 › 10 › Security_Leftovers.gmi captured on 2023-07-10 at 13:20:09. Gemini links have been rewritten to link to archived content

View Raw

More Information

➡️ Next capture (2024-06-20)

-=-=-=-=-=-=-

Tux Machines

Security Leftovers

Posted by Roy Schestowitz on Jul 10, 2023

today's leftovers

LibreCAD 2.2.0.1

Russell Coker: Sandboxing Phone Apps

=> https://etbe.coker.com.au/2023/07/08/sandboxing-phone-apps/ ↺ Russell Coker: Sandboxing Phone Apps

As a follow up to Wayland [1]:

=> https://etbe.coker.com.au/2022/03/25/wayland/ ↺ Wayland [1]

A difficult problem with Linux desktop systems (which includes phones and tablets) is restricting application access so that applications can’t mess with each other’s data or configuration but also allowing them to share data as needed. This has been mostly solved for Android but that involved giving up all “legacy” Linux apps. I think that we need to get phones capable of running a full desktop environment and having Android level security on phone apps and regular desktop apps. My interest in this is phones running Debian and derivatives such as PureOS. But everything I describe in this post should work equally well for all full featured Linux distributions for phones such as Arch, Gentoo, etc and phone based derivatives of those such as Manjaro. It may be slightly less applicable to distributions such as Alpine Linux and it’s phone derivative PostmarketOS, I would appreciate comments from contributors to PostmarketOS or Alpine Linux about this.

=> https://etbe.coker.com.au/2022/03/25/wayland/ ↺ Wayland [1]

HVE-BC1750-0001: Deceptive Information Disclosure Vulnerability in Human Interaction Protocols

=> https://xeiaso.net/blog/HVE-BC1750-0001 ↺ HVE-BC1750-0001: Deceptive Information Disclosure Vulnerability in Human Interaction Protocols

In this report, we describe a discovered remote code execution vulnerability in neural language processing systems. These systems, currently in active use by major social media networks including but not limited to Twitter, Facebook, and LinkedIn, allow for the crafting of a carefully selected message that allows successful attackers to gain control over the target victim.

Novel Linux kernel vulnerability exploitable for elevated privileges

=> https://www.scmagazine.com/brief/vulnerability-management/novel-linux-kernel-vulnerability-exploitable-for-elevated-privileges ↺ Novel Linux kernel vulnerability exploitable for elevated privileges

Attackers could leverage the new StackRot vulnerability in the Linux kernel to facilitate privilege escalation in targeted hosts, The Hacker News reports.
Linux versions 6.1 to 6.4 are affected by the use-after-free flaw, tracked as CVE-2023-3269, which originated from the maple tree data structure that replaced red-black tree for virtual memory area management and storage, said Peking University security researcher Ruihan Li.

It: Luigi Vanvitelli hospital hit by ransomware

=> https://www.databreaches.net/it-luigi-vanvitelli-hospital-hit-by-ransomware/ ↺ It: Luigi Vanvitelli hospital hit by ransomware

On July 4, the Luigi Vanvitelli hospital in Italy posted a notice on its homepage that it had been the victim of a ransomware attack on July 1 and was investigating it. There has been no update since then.

Cyber ​​attack on the Luigi Vanvitelli university hospital in Naples. It was ransomware

=> https://news.italy24.press/local/677710.html ↺ Cyber ​​attack on the Luigi Vanvitelli university hospital in Naples. It was ransomware

There is no respite for the Italian “gooses that lay golden eggs”, the hospitals that do not seem to suffer a respite. And after ASL1 Abruzzo, now it’s the turn of the Luigi Vanvitelli university hospital in Naples.
The hackers criminals have hit the hospital with a type cyber attack ransomware. The incident was disclosed by the national cybersecurity agency, which sent a team of experts to support the hospital in managing the attack and restoring the compromised systems.

gemini.tuxmachines.org