Cybersecurity

🔐The biggest risk in tech? Skill gaps where they matter most: security. "Cybersecurity Skills: A Framework That Works" -- an on-demand webinar -- lays out how to close them across 14 technical roles.

🎥 Watch now: https://training.linuxfoundation.org/resources/webinars/cybersecurity-skills-framework-webinar/

#CyberSecurity #DevSecOps #SREs #CTO #CISO #SysAdmins #Developers

#Russia Is Suspected to Be Behind Breach of Federal Court Filing System

https://www.nytimes.com/2025/08/12/us/politics/russia-hack-federal-court-system.html

#cybersecurity #DataBreach #PACER #law #justice

#DockerHub still hosts dozens of #Linux images with the #XZ #backdoor

https://www.bleepingcomputer.com/news/security/docker-hub-still-hosts-dozens-of-linux-images-with-the-xz-backdoor/

#cybersecurity #FOSS #Docker #XZUtils

Apparently N-able N-central has critical flaws that are being exploited in the wild. https://www.bleepingcomputer.com/news/security/cisa-warns-of-n-able-n-central-flaws-exploited-in-zero-day-attacks/

I am not surprised at all. Their software security leaves a lot to desire. Recently they downplayed actually critical flaw #CVE_2024_5445 (RCE as SYSTEM via MiTM as "low") as seen here:

https://sintonen.fi/advisories/n-able-ecosystem-agent-improper-certificate-validation.txt

"The vulnerability reported does not constitute an RCE, the Ecosystem agent is designed to run installation packages in a privileged context and the agent is doing what it should do when it receives such packages to install over the APIs."'

#cybersecurity #infosec

#Microsoft August 2025 #PatchTuesday fixes one zero-day, 107 flaws

https://www.bleepingcomputer.com/news/microsoft/microsoft-august-2025-patch-tuesday-fixes-one-zero-day-107-flaws/

#cybersecurity #Windows

#Curl COMrades cyberspies hit govt orgs with custom #malware

https://www.bleepingcomputer.com/news/security/curly-comrades-cyberspies-hit-govt-orgs-with-custom-malware/

#cybersecurity

Over 3,000 #NetScaler devices left unpatched against #CitrixBleed2 bug

https://www.bleepingcomputer.com/news/security/over-3-000-netscaler-devices-left-unpatched-against-actively-exploited-citrixbleed-2-flaw/

#CitrixBleed #cybersecurity

#Windows11 23H2 Home and Pro reach end of support in November

https://www.bleepingcomputer.com/news/microsoft/windows-11-23h2-home-and-pro-reach-end-of-support-in-november/

#Microsoft #cybersecurity

Ok folks. If our curmudgeonly uncle has a couple of nice things to say about AI can't we all just get along?

https://www.schneier.com/blog/archives/2025/08/ai-applications-in-cybersecurity.html

#genai #cybersecurity

#SaintPaul #cyberattack linked to Interlock #ransomware gang

https://www.bleepingcomputer.com/news/security/saint-paul-cyberattack-linked-to-interlock-ransomware-gang/

#Minnesota #cybersecurity #DataBreach

"HTTP/2 implementations are vulnerable to "MadeYouReset" DoS attack through HTTP/2 control frames

MadeYouReset exploits a mismatch caused by stream resets between HTTP/2 specifications and the internal architectures of many real-world web servers. This results in resource exhaustion, and a threat actor can leverage this vulnerability to perform a distributed denial of service attack (DDoS)."

https://kb.cert.org/vuls/id/767506

#CVE_2025_8671 #infosec #cybersecurity

North Korean #Kimsuky hackers exposed in alleged #DataBreach

https://www.bleepingcomputer.com/news/security/north-korean-kimsuky-hackers-exposed-in-alleged-data-breach/

#cybersecurity #NorthKorea

#Netherlands: #Citrix #Netscaler flaw CVE-2025-6543 exploited to breach orgs

https://www.bleepingcomputer.com/news/security/netherlands-citrix-netscaler-flaw-cve-2025-6543-exploited-to-breach-orgs/

#cybersecurity

Details emerge on #WinRAR zero-day attacks that infected PCs with #malware

https://www.bleepingcomputer.com/news/security/details-emerge-on-winrar-zero-day-attacks-that-infected-pcs-with-malware/

#cybersecurity #Windows

#GitHub will be folded into #Microsoft proper as CEO steps down

https://arstechnica.com/gadgets/2025/08/github-will-be-folded-into-microsoft-proper-as-ceo-steps-down/

#OpenSource #cybersecurity

#Linux dev quits after "personal attacks" from user over #Kapitano #antivirus tool

https://www.neowin.net/news/linux-dev-quits-after-personal-attacks-from-user-over-kapitano-antivirus-tool/

#FOSS #cybersecurity #ClamAV

#MuddyWater’s #DarkBit #ransomware cracked for free data recovery

https://www.bleepingcomputer.com/news/security/muddywaters-darkbit-ransomware-cracked-for-free-data-recovery/

#cybersecurity #cybercrime

Over 29,000 #Exchange servers unpatched against high-severity flaw

https://www.bleepingcomputer.com/news/security/over-29-000-exchange-servers-unpatched-against-high-severity-flaw/

#Microsoft #cybersecurity

How #Python is Fighting Open Source's 'Phantom' Dependencies Problem

https://developers.slashdot.org/story/25/08/11/025214/how-python-is-fighting-open-sources-phantom-dependencies-problem

#FOSS #cybersecurity

Security flaws in a carmaker’s web portal let one hacker remotely unlock cars from anywhere

https://techcrunch.com/2025/08/10/security-flaws-in-a-carmakers-web-portal-let-one-hacker-remotely-unlock-cars-from-anywhere/

#cybersecurity #car

$1M Stolen in 'Industrial-Scale #Crypto Theft' Using #AI-Generated Code

https://yro.slashdot.org/story/25/08/11/0037258/1m-stolen-in-industrial-scale-crypto-theft-using-ai-generated-code

#cybersecurity #cybercrime

#Rust's Annual Tech Report: Trusted Publishing for Packages and a C++/Rust Interop Strategy

https://developers.slashdot.org/story/25/08/10/0449256/rusts-annual-tech-report-trusted-publishing-for-packages-and-a-crust-interop-strategy

#FOSS #cybersecurity

How to Protect Yourself From Portable Point-of-Sale Scams

https://www.wired.com/story/portable-pos-thefts-how-to-protect-yourself-from-scams/

#scam #cybersecurity #guide

A reminder that upgrading your server might shut down parts of the security related components and leave services unintentionally exposed.

Upgrading should not be done without proper filtering of unwanted incoming traffic (via for example a firewall in front of the server).

Here we can see some database passwords and cryptographic secrets exposed during #debian13 upgrade due to PHP being down while the httpd was not.

#infosec #cybersecurity

"Nyx argues that the notion of requiring public housing residents to keep a hackable device that can become an audio eavesdropping tool in their apartment may represent the most disturbing application of the Halo 3C. “That kind of took it up a notch as far as how egregious this entire product line is,” Nyx says. “Most people have an expectation that their home isn’t bugged, right?”

As sensors like the Halo 3C proliferate across schools and even homes, Vasquez-Garcia says the biggest takeaway from his and Nyx’s findings ought to be that putting microphones and internet connections into every device in our lives as simple as a smoke detector is a decision that carries real risk. “If people remember one thing from this, it should be: Don’t blindly trust every internet of things device just because it claims to be for safety,” Vasquez-Garcia says. “The real issue is trust. The more we accept devices that say 'not recording' at face value, the more we normalize surveillance without really knowing what's inside or bothering to question it.”"

https://www.wired.com/story/school-bathroom-vape-detector-audio-bug/

#Cybersecurity #USA #Motorola #Surveillance #Privacy #Hacking #IoT #SmartObjects