Tux Machines

Security Leftovers

Posted by Roy Schestowitz on Oct 12, 2024


Trail of Bits ☛ Auditing Gradio 5, Hugging Face’s ML GUI framework

[...]
Hugging Face hired Trail of Bits to audit Gradio 5, a popular open-source library that provides a web interface that lets machine learning (ML) developers quickly showcase their models. Based on our findings and recommendations from the audit, Gradio enhanced its application with strong, secure defaults across all deployment scenarios. End users can now rely on enhanced built-in security measures whether they’re running apps locally, deploying on Hugging Face Spaces or other servers, or using built-in share links.

Scoop News Group ☛ Marriott agrees to pay $52 million settlement, improve data security practices

The actions will settle investigations into security failures that led to overlapping data breaches affecting hundreds of millions of customers.

Pen Test Partners ☛ Imposter syndrome in cyber security

TL;DR: Imposter syndrome is the belief that you are undeserving of your achievements. Anyone can be affected by it. There are ways to cope. What is imposter syndrome?

LWN ☛ Security updates for Thursday

Security updates have been issued by Debian (chromium), Fedora (firefox, koji, unbound, webkit2gtk4.0, and xen), Red Hat (glibc, net-snmp, and tomcat), Slackware (mozilla), SUSE (apache-commons-io, buildah, cups-filters, liboath-devel, libreoffice, libunbound8, podman, and redis), and Ubuntu (cups-browsed, cups-filters, edk2, linux-raspi-5.4, and oath-toolkit).

ZDNet ☛ How to encrypt a file on Linux, MacOS, and Windows - and why [Ed: Some of these have back doors, which defeat the purpose]

Have a private document on your desktop OS? Here's how to keep it secure on Linux, MacOS, and Windows.

2024 Linux Kernel Vulnerabilities: Patch Without Rebooting

Linux kernel vulnerabilities are critical threats that can compromise the stability and security of Linux-based systems. In 2024, several new vulnerabilities have emerged, some of which may lead to memory corruption, crashes, or system instability.
This article explores the latest Linux kernel vulnerabilities, the updates provided by some major Linux distributions, and the strategies for securing your Linux system without downtime.

Cyber Security News ☛ GPTHoney – New Linux Honeypot To Engage In Real Time With Threat Actors

A honeypot is a ‘cybersecurity mechanism’ that is primarily designed to lure threat actors away from legitimate targets.

Cyber Security News ☛ Dark Angels Ransomware Attacking Windows And Linux, ESXi Systems [Ed: This is a VMware (proprietary, GPL violations) issue, not Linux]

On Windows, they replaced the traditional “HC-128 encryption” with “ChaCha20” and implemented “ECC” using “Curve25519” by generating unique “32-byte private keys” per file.