Tux Machines

Security: diffoscope, "smart" things, patches, and LastPass security breach

Posted by Roy Schestowitz on Dec 02, 2022

The 7 Best Independent Linux Distros You Can’t Miss Out On

Pop OS 22.04 LTS - New Features and Release Updates

Reproducible Builds: diffoscope 228 released

↺ Reproducible Builds: diffoscope 228 released

The diffoscope maintainers are pleased to announce the release of diffoscope version 228. This version includes the following changes:

Consumer advice for buying smart IoT devices this Christmas | Pen Test Partners

↺ Consumer advice for buying smart IoT devices this Christmas | Pen Test Partners

Rightly or wrongly there’s plenty of fear, uncertainty, and downright doom associated with the IoT and devices.

So, is it safe to buy these things as gifts or even as a treat for yourself this year? In our opinion it probably is, as long as you follow some basic advice.

Security updates for Friday [LWN.net]

↺ Security updates for Friday [LWN.net]

Security updates have been issued by Debian (snapd), Fedora (firefox, libetpan, ntfs-3g, samba, thunderbird, and xen), SUSE (busybox, emacs, and virt-v2v), and Ubuntu (linux, linux-aws, linux-aws-5.15, linux-gcp, linux-gkeop, linux-hwe-5.15, linux-ibm, linux-intel-iotg, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-oracle, linux-oracle-5.15, linux-raspi, linux, linux-aws, linux-aws-5.4, linux-gcp, linux-gcp-5.4, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4, linux, linux-aws, linux-dell300x, linux-gcp-4.15, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon, linux, linux-aws, linux-gcp, linux-ibm, linux-kvm, linux-lowlatency, linux-oracle, linux-raspi, linux, linux-aws, linux-kvm, linux-lts-xenial, linux-aws-hwe, linux-gcp, linux-hwe, linux-oracle, and tiff).

Intruders gain access to user data in LastPass incident • The Register

↺ Intruders gain access to user data in LastPass incident • The Register

Intruders broke into a third-party cloud storage service LastPass shares with affiliate company GoTo and gained access to "certain elements" of customers' information, the pair have confirmed.

LastPass did not define what it meant by "certain elements," saying it was unsure what data was looked at: "We are working diligently to understand the scope of the incident and identify what specific information has been accessed this morning."

Last night's statement also confirmed the attackers obtained the information to carry out the current intrusion using information stolen in an August attack, which we covered here.

LastPass Security Breach - Schneier on Security

↺ LastPass Security Breach - Schneier on Security

The company was hacked, and customer information accessed. No passwords were compromised.

gemini.tuxmachines.org