Tux Machines

Security Leftovers

Posted by Roy Schestowitz on May 11, 2023

AWS open-sources snapshot fuzzing and policy authorization tools

Amazon Web Services Inc. said today that it’s open-sourcing two new projects, including a new fuzzing tool for finding vulnerabilities in software and an authorization policy language for controlling application access.

Sec firm Dragos says threat actor failed in extortion bid after attack

The threat actor claimed in a post on the dark web that more than 130GB of data was exfiltrated from the company. The post was included in a tweet from vx-underground which publishes data about malware source code, samples, and papers.

Microsoft issues optional fix for Secure Boot zero-day used by malware

Microsoft has released security updates to address a Secure Boot zero-day vulnerability exploited by BlackLotus UEFI malware to infect fully patched Windows systems.

Microsoft’s May Patch Tuesday Fixes 38 Flaws, Including Active Zero-Day Bug [Ed: Newer bug doors ready to deploy on PCs]

Microsoft has rolled out Patch Tuesday updates for May 2023 to address 38 security flaws, including one zero-day bug that it said is being actively exploited in the wild.