💾 Archived View for gemini.tuxmachines.org › n › 2023 › 07 › 07 › Security_Leftovers.gmi captured on 2024-06-20 at 12:54:25. Gemini links have been rewritten to link to archived content

View Raw

More Information

-=-=-=-=-=-=-

Tux Machines

Security Leftovers

Posted by Roy Schestowitz on Jul 07, 2023

“Fixing” WiFi 6 on Linux in Alder Lake-N mini PCs (Intel N95, N100, Core i3-N300…)

Fedora considers "privacy-preserving" telemetry (UPDATED)

HWL Ebsworth working to address effects of attack: cyber czar

=> https://itwire.com/security/hwl-ebwsorth-working-to-address-effects-of-attack-cyber-czar.html ↺ HWL Ebsworth working to address effects of attack: cyber czar

HWL Ebsworth was hit by the Alphv ransomware gang earlier this year. The attackers released the first lot of stolen data, including passport copies and other documents, on the dark web on 2 June.

Embedded IoT security: Helping vendors in the design process

=> https://blog.apnic.net/2023/07/06/embedded-iot-security-helping-vendors-in-the-design-process/ ↺ Embedded IoT security: Helping vendors in the design process

Guest Post: New vendor guide for embedding IoT security.

Reproducible Builds: Reproducible Builds Summit 2023 in Hamburg

=> https://reproducible-builds.org/news/2023/07/05/reproducible-builds-hamburg-meeting/ ↺ Reproducible Builds: Reproducible Builds Summit 2023 in Hamburg

We are glad to announce the upcoming Reproducible Builds Summit, set to take place from October 31st to November 2nd, 2023, in the vibrant city of Hamburg, Germany.

This year, we are thrilled to host the seventh edition of this exciting event following the success of previous summits in various iconic locations around the world, including Venice (2022), Marrakesh (2019), Paris (2018), Berlin (2017), Berlin (2016) Athens (2015).

=> https://reproducible-builds.org/events/venice2022/ ↺ Venice

=> https://reproducible-builds.org/events/Marrakesh2019/ ↺ Marrakesh

=> https://reproducible-builds.org/events/paris2018/ ↺ Paris

=> https://reproducible-builds.org/events/berlin2017/ ↺ Berlin

=> https://reproducible-builds.org/events/berlin2016/ ↺ Berlin

=> https://reproducible-builds.org/events/athens2015/ ↺ Athens

If you’re excited about joining us this year, please make sure to read the event page which has more details about the event and location. As in previous years, we will be sending invitations to all those who attended our previous summit events or expressed interest to do so. However also without receiving such a personal invitation please do email the organizers and we will find a way to accommodate you.

=> https://reproducible-builds.org/events/hamburg2023 ↺ the event page which has more details about the event and location

=> mailto:2023-summit-team@lists.reproducible-builds.org email the organizers

=> https://reproducible-builds.org/events/venice2022/ ↺ Venice

=> https://reproducible-builds.org/events/Marrakesh2019/ ↺ Marrakesh

=> https://reproducible-builds.org/events/paris2018/ ↺ Paris

=> https://reproducible-builds.org/events/berlin2017/ ↺ Berlin

=> https://reproducible-builds.org/events/berlin2016/ ↺ Berlin

=> https://reproducible-builds.org/events/athens2015/ ↺ Athens

=> https://reproducible-builds.org/events/hamburg2023 ↺ the event page which has more details about the event and location

=> mailto:2023-summit-team@lists.reproducible-builds.org email the organizers

School Decides To Harden Security By Giving EVERYONE The Same Password

=> https://www.techdirt.com/2023/07/05/school-decides-to-harden-security-by-giving-everyone-the-same-password/ ↺ School Decides To Harden Security By Giving EVERYONE The Same Password

Cyber security. It’s complicated.

New StackRot Linux kernel flaw allows privilege escalation [Ed: Bad for shared-user machines in particular. Notice how Microsoft-connected sites make it seem like the sky is falling when Linux has a privilege escalation bug, but when Microsoft has remotely-accessed bug doors, it's really not such a big deal because maybe in a few months Microsoft will bother plugging it (after millions of servers already got compromised).]

=> https://www.bleepingcomputer.com/news/security/new-stackrot-linux-kernel-flaw-allows-privilege-escalation/ ↺ New StackRot Linux kernel flaw allows privilege escalation

Technical information has emerged for a serious vulnerability affecting multiple Linux kernel versions that could be triggered with "minimal capabilities." The security issue is being referred to as StackRot (CVE-2023-3269) and can be used to compromise the kernel and elevate privileges.

StackRot Flaw Bug Fixed in Linux Kernel | Decipher [Ed: Before it was even exploited]

=> https://duo.com/decipher/stackrot-flaw-bug-fixed-in-linux-kernel ↺ StackRot Flaw Bug Fixed in Linux Kernel | Decipher

A new bug in the Linux kernel (CVE-2023-3269) known as StackRot has been fixed in versions 6.1-6.4.

Rekoobe Malware Used by Chinese Hacker Group Attack Linux system [Ed: This is not about Linux, it's about something else that happens to be happening at a higher level.]

=> https://cybersecuritynews.com/rekoobe-malware-chinese-hacker/ ↺ Rekoobe Malware Used by Chinese Hacker Group Attack Linux system

Mostly targets obsolete Linux servers or are in service with inappropriate settings and also involved in supply chain attacks.

Security updates for Thursday [LWN.net]

=> https://lwn.net/Articles/937481/ ↺ Security updates for Thursday [LWN.net]

Security updates have been issued by Debian (golang-yaml.v2, kernel, and mediawiki), Fedora (kernel and picocli), SUSE (bind and python-sqlparse), and Ubuntu (cpdb-libs).

If Kirkland & Ellis Can't Avoid Cyberattacks, Who Can? | The American Lawyer [Ed: Bill Gates' dad.]

=> https://www.law.com/americanlawyer/2023/07/05/if-kirkland-ellis-cant-avoid-cyberattacks-who-can/?slreturn=20230607002301 ↺ If Kirkland & Ellis Can't Avoid Cyberattacks, Who Can? | The American Lawyer

=>

Kirkland and Am Law 50 peers K&L Gates and Proskauer Rose are among the latest victims of a sweeping cyber breach. “It proves that nobody is immune” said Zach Olsen president of communications firm Infinite Global.

Details emerging about 2018 TPCHD database hack. Pierce records among those affected

=> https://www.thenewstribune.com/news/local/article277046143.html ↺ Details emerging about 2018 TPCHD database hack. Pierce records among those affected

The new interim leader for the Tacoma-Pierce County Health Department started her role with news about a 5-year-old data breach the department says it learned about just last month. TPCHD’s Cindan Gizzi announced the news immediately after being appointed the department’s interim director during Wednesday’s Tacoma-Pierce County’s Board of Health meeting. TPCHD provided further details to The News Tribune after the meeting in response to questions.

Police arrest suspect linked to notorius OPERA1ER cybercrime gang [Ed: Microsoft Windows gets you in trouble]

=> https://www.bleepingcomputer.com/news/security/police-arrest-suspect-linked-to-notorius-opera1er-cybercrime-gang/ ↺ Police arrest suspect linked to notorius OPERA1ER cybercrime gang

Law enforcement has detained a suspect believed to be a key member of the OPERA1ER cybercrime group, which has targeted mobile banking services and financial institutions in malware, phishing, and Business Email Compromise (BEC) campaigns.

The gang, also known as NX$M$, DESKTOP Group, and Common Raven, is suspected of having stolen between $11 million and $30 million over the last four years in more than 30 attacks spanning 15 countries across Africa, Asia, and Latin America. [...] Researchers at Symantec also found links between OPERA1ER and a cybercriminals group they track as Bluebottle that used a signed Windows driver in attacks against at least three banks in French-speaking African countries.

gemini.tuxmachines.org