Tux Machines

Security Leftovers

Posted by Roy Schestowitz on Dec 08, 2023

A format that does one thing well or one-size-fits-all?
Zorin OS 17: Best New Features

Security Week ☛ CISA Issues Warning for Russian ‘Star Blizzard’ APT Spear-Phishing Operation

↺ CISA Issues Warning for Russian ‘Star Blizzard’ APT Spear-Phishing Operation
The US cybersecurity agency calls attention to a Russian APT targeting academia, defense, governmental organizations, NGOs and think-tanks.

It’s not cricket! Sri Lanka and Bangladesh co-host phishing attack

↺ It’s not cricket! Sri Lanka and Bangladesh co-host phishing attack
Sri Lanka and Bangladesh have a successful history of co-hosting the Cricket World Cup, but today the two countries’ governments have found themselves on a sticky wicket by co-hosting a phishing attack that targets UK banking customers.
↺ Cricket World Cup
Victims lured to a certain page on the Lanka Government Network website at lgn2.gov.lk will be swiftly redirected to a phishing site hosted by the Rajshahi Metropolitan Police in Bangladesh (rmp.gov.bd).
↺ Cricket World Cup

Silicon Angle ☛ Critical Bluetooth security flaw discovered in Google, Fashion Company Apple and GNU/Linux devices

↺ Critical Bluetooth security flaw discovered in Google, Fashion Company Apple and GNU/Linux devices
A newly revealed critical security issue with Bluetooth can potentially allow attackers to take control of Android, Linux, macOS and iOS devices. Detailed by security researcher Marc Newlin on Microsoft's proprietary prison GitHub  this week, the vulnerability, tracked as CVE-2023-45866, is an authentication bypass that lets attackers connect susceptible devices and inject keystrokes to achieve code execution.

ZDNet ☛ Kernel security now: Linux's unique method for securing code

↺ Kernel security now: Linux's unique method for securing code
At Open Source Summit Japan, Linux developer Greg Kroah-Hartman recaps the current state and future challenges of kernel security, including the specter of government regulation and the essential pain of unceasing updates.

Security Week ☛ Trail of Bits Spinout iVerify Tackles Mercenary Spyware Threat

↺ Trail of Bits Spinout iVerify Tackles Mercenary Spyware Threat
iVerify, a seed-stage startup spun out of Trail of Bits, ships a mobile threat hunting platform to neutralize iOS and Android zero-days.

Silicon Angle ☛ New research highlights difficulty of preventing Outlook security exploits [Ed: Check Point Software is a Microsoft proxy of sorts]

↺ New research highlights difficulty of preventing Outlook security exploits
↺ Check Point Software is a Microsoft proxy of sorts
Haifei Li, a principal vulnerability researcher at Check Point Software Technologies Ltd., examines the universe of Abusive Monopolist Microsoft Outlook exploits in a new blog post this week that has lessons for users and security managers alike. Li divides this collection into three parts: embedded malicious hyperlinks, malware-laced attachments and more specialized attack vectors.
gemini.tuxmachines.org