Tux Machines
Security Leftovers
Posted by Roy Schestowitz on Jul 08, 2023, updated Jul 08, 2023
Security advisory: QXmlStreamReader
A recently reported potential buffer overflow issue in QXmlStreamReader has been assigned the CVE ID CVE-2023-37369.
Truebot Hackers Exploiting Netwrix Auditor Flaw: CISA, FBI Alert
Hackers linked to the Truebot malware are exploiting a year-old Netwrix Auditor flaw to break into organizations in the U.S. and Canada.
JumpCloud Says All API Keys Invalidated to Protect Customers
JumpCloud is responding to an incident that has triggered a reset of all API keys in order to protect customers and their operations.
Vodafone is preparing for quantum attacks on smartphones [Ed: Those phones have back doors, no need to interject "quantum" hype here]
British telecommunications company Vodafone is anticipating a future in which the power of quantum technology will override existing online security controls and render most smartphone networks vulnerable to cyber attacks.
Android Security Updates Patch 3 Exploited Vulnerabilities
Google’s July 2023 security updates for Android patch 43 vulnerabilities, including three exploited in the wild.
28,000 Impacted by Data Breach at Pepsi Bottling Ventures
The personal, financial, and health information of over 28,000 individuals was stolen in a data breach at Pepsi Bottling Ventures.
Shell Confirms MOVEit-Related Breach After Ransomware Group Leaks Data
Shell confirms that employee personal information has been stolen after the Cl0p ransomware group leaked data allegedly stolen from the energy giant.
Interpol: Key Member of Major Cybercrime Group Arrested in Africa [Ed: Microsoft Windows TCO]
Law enforcement authorities have arrested a suspected senior member of the French-speaking Opera1er cybercrime group.
StackRot Linux Kernel Vulnerability Shows Exploitability of UAFBR Bugs
A new Linux kernel vulnerability tracked as StackRot and CVE-2023-3269 shows the exploitability of use-after-free-by-RCU (UAFBR) bugs.
Vulnerability in Cisco Enterprise Switches Allows Attackers to Modify Encrypted Traffic
Cisco says a high-severity vulnerability in Nexus 9000 series switches could allow attackers to intercept and modify encrypted traffic.
Vulnerability in Cisco Nexus 9000 switches may allow encrypted traffic to be intercepted
Cisco Systems Inc. published a security advisory Wednesday warning customers of a high-severity vulnerability in its Nexus 9000 Series Fabric Switches in ACI mode that could allow an unauthenticated, remote attacker to read or modify inter-site encrypted traffic.
New tool exploits Microsoft Teams bug to send malware to users
A member of U.S. Navy’s red team has published a tool called TeamsPhisher that leverages an unresolved security issue in Microsoft Teams to bypass restrictions for incoming files from users...