deltatux

AAKL, 29 days ago to meta

deleted_by_author

elduvelle, 1 month ago to linux

Why is it that there is no version / distribution of #Linux that does exactly what #Windows does? Well, without the bad aspects like spying on you.

I wonder if Microsoft is somehow suppressing this possibility… otherwise everyone would be using Linux 🤷

deltatux, 1 month ago to linux

A Microsoft engineer discovered a backdoor in the latest Linux release of xz, a popular compression format. Both Debian and Red Hat has issued security advisories for these and a 10/10 CVE was generated for this.

As most stable Linux distributions tend to freeze library versions, most people are likely unaffected. However, this does affect development versions of distros, short release window distros like Fedora and rolling release distros like Arch.
www.bleepingcomputer.com/news/security/red-hat-warns-of-backdoor-in-xz-tools-used-by-most-linux-distros/

#linux #backdoor #xz #redhat #fedora #debian

deltatux, 3 months ago to mastodon

A new vulnerability in Mastodon was disclosed allowing attackers to perform account takeovers if they successfully exploit this vulnerability.

This vulnerability is being tracked as CVE-2024-23832 & has a 9.4/10 CVSS3 score, so it's a critical vulnerability.

As always, if you run a Mastodon instance, it's best if you can patch to the latest version as soon as possible.

www.bleepingcomputer.com/news/security/mastodon-vulnerability-allows-attackers-to-take-over-accounts/

#mastoadmin #mastodon #fediverse #patch #vulnerability #CVE_2024_23832

deltatux, 3 months ago to infosec

Global Affairs Canada, a federal government agency responsible for Canada's foreign relations & diplomatic service has suffered a massive cybersecurity breach.

It has been said that the cause of the breach may have been a vulnerable VPN system. Currently what is known is that at least 2 shared drives and "many" employees' emails, calendar and contacts were affected. Shared Services Canada & the Canadian Centre for Cybersecurity are currently investigating to find out the full scope of the breach.

www.cbc.ca/news/politics/global-affairs-security-breach-1.7099290?cmp=rss

#infosec #cybersecurity #databreach #cybercrime #govsec #GlobalAffairsCanada #Canada

AAKL, 5 months ago to android

deleted_by_author

mttaggart, 5 months ago to random

There are basically two irreconcilable camps in the Threads debate here.

• Camp 1, understandably, wants nothing to do with Meta and view them as an existential threat to the Fediverse for plenty of well-precedented reasons.

• Camp 2, also understandably, sees potential in connecting a managed platform that appeals to entities like news outlets and other services to the Fediverse, enabling us to access that information without requiring an account on a Meta-owned platform.

Camp 1 will not cede ground because they view the issue as existential.

Camp 2 will, I dunno, deal with it or move to a server where they can see what they want to see?

But given the scale of Threads already, widespread blocking of it will create a pretty noticeably weird gap in the federation graph, and make onboarding for new potential Fedi users even more confusing. That part, by itself, kinda sucks.

deltatux, 5 months ago to random

There is a new remote code execution vulnerability in Splunk that has been recently disclosed. It has a CVSS score of 8.8/10 and is currently tracked as CVE-2023-46214.

Splunk recommends admins to upgrade to 9.0.7 or 9.1.2 depending on which branch you're currently on.
www.helpnetsecurity.com/2023/11/27/cve-2023-46214-poc/

#Splunk #RCE #vulnerability #patch #SIEM #CVE_2023_46214

deltatux, 6 months ago to infosec

The Canadian government has disclosed that two of their contractors: Brookfield Global Relocation Services (BGRS) & SIRVA Worldwide Relocation & Moving Services were breached. These two contractors were tasked to provide relocation services to the federal public service, Canadian Forces & RCMP. The disclosure notes that the breach involved employee data as far back as 1999.

The Treasury Board of Canada Secretariat says that credit monitoring or reissuing passports will be made available to those who have been impacted by this data breach.

https://www.ctvnews.ca/canada/current-and-former-public-service-rcmp-military-members-affected-by-data-breach-federal-government-warns-1.6651343

#infosec #cybersecurity #databreach #CanadianForces #RCMP #Canada

deltatux, 6 months ago to infosec

Toronto Public Library has confirmed that during the cyberattack back on October 27 resulted in the loss of personal data of their staff dating as far back as 1998.

The library system confirmed that the attackers made off with personal information such as names, birthdates, social insurance numbers and home addresses.

For more: https://www.cbc.ca/news/canada/toronto/toronto-public-library-ransomware-employee-data-1.7028982

#infosec #cybersecurity #ransomware #databreach #TorontoPublicLibrary #PublicLibrary #Toronto #Ontario #Canada

deltatux, 6 months ago to infosec

In the recent case where 5 hospitals in southwestern Ontario suffered a cybersecurity attack, they have confirmed today that it was due to ransomware and that certain employee & patient data was leaked by the ransomware operators.

The affected hospitals and their non-profit IT provider are still trying to figure out the full extent of the breach and are also working with law enforcement & cyber-breach experts as well.

https://globalnews.ca/news/10067601/ontario-hospitals-data-published-ransomware-attack/

#infosec #cybersecurity #healthsec #hospital #healthcare #pii #databreach #ransomware #Ontario #Canada

deltatux, 7 months ago to infosec

5 southwestern Ontario hospitals have shut down online services including their patient record and email systems after a cyberattack on Monday. The nonprofit service provider that these hospital relies on stated that they’re still determining the scope and impact of the attack, and trying to determine if patient data were accessed.

There’s currently no word on when services will be restored. Hospital officials advise that patients will be contacted to have their appointments rescheduled.

https://www.cbc.ca/news/canada/windsor/windsor-hospital-system-1.7005158

#infosec #cybersecurity #cyberattack #hospital #Ontario #Canada

MishaalRahman, 7 months ago to random

The Pixel 8 series are the first Android phones to enable the Linux kernel's MGLRU feature by default!

MGLRU, which is short for multi-generational least recently used, improves Linux's page reclaim strategy. Google's benchmarks have shown that with MGLRU enabled, overall app launch times improve, there are fewer overall process kills, kswapd CPU use decreases, and more.

(1/3)

deltatux, 7 months ago to infosec

Looks like Microsoft has released patches against CVE-2023-4863 and CVE-2023-5217 vulnerabilities for Microsoft Edge, Teams and Skype. The patches revolve around the vulnerable the libvpx & libwebp open source libraries used by these products. Update now!

https://www.bleepingcomputer.com/news/microsoft/microsoft-edge-teams-get-fixes-for-zero-days-in-open-source-libraries/

#infosec #cybersecurity #Microsoft #Edge #Skype #MSTeams #patchnow #CVE_2023_4863 #CVE_2023_5217

mttaggart, 7 months ago to random

Is there yet a list of Electron apps and whether they've updated to patch for CVE-2023-5129?

BleepingComputer, 7 months ago to random

Google has assigned a new CVE ID (CVE-2023-5129) to a libwebp security vulnerability exploited as a zero-day in attacks and patched two weeks ago.

https://www.bleepingcomputer.com/news/security/google-assigns-new-maximum-rated-cve-to-libwebp-bug-exploited-in-attacks/

deltatux, 8 months ago to infosec

The Citizen Lab (@citizenlab) & Google Threat Analysis Group has disclosed a new targeted spy campaign that utilizes newly disclosed zero day in iOS. These zero days contain a privilege escalation flaw in the OS kernel along with a WebKit flaw allows attackers to install spyware & snoop on victim devices.

Citizen Lab & Google urges iPhone & iPad users to update to iOS 17.0.1 as soon as possible.

https://citizenlab.ca/2023/09/predator-in-the-wires-ahmed-eltantawy-targeted-with-predator-spyware-after-announcing-presidential-ambitions/

https://support.apple.com/en-us/HT213926

#infosec #cybersecurity #cyberespionage #spyware #ios #zeroday #citizenlab #Google

deltatux, 8 months ago to privacy

The Privacy Commissioner of Canada finds that Canada Post violated the Privacy Act after collecting data from its postal operations, they used it to create marketing mailing lists & then selling that data to third parties without consent.

The Commissioner's report shows that Canada Post collected data on people's names, postal addresses & what kind of online shopping they do.

https://globalnews.ca/news/9977124/canada-post-privacy-law-violation/

#privacy #privacylaw #CanadaPost #Canada

AAKL, 8 months ago to microsoft

deleted_by_author

deltatux, 8 months ago to infosec

Pass-it-on organization, Freecycle discloses data breach affecting all users. The organization stated that the malicious attacker stole usernames, emails and hashed passwords.

At this time, Freecycle urges its members to change their passwords immediately as they're now considered insecure.

https://newswire.freecycle.org/2023/09/01/freecycle-data-breach/

#infosec #cybersecurity #databreach #Freecycle

nekohayo, 8 months ago (edited 8 months ago) to Philippines

East- #Asian techies, is there a #Linux / #GNOME / #Wayland compatible character recognition input method system that would allow someone to use a #Wacom tablet or touchscreen-capable laptop (or some Linux-compatible device) to write traditional #Chinese "as if writing on paper"?

#Cantonese mom has been stuck on Android for the past 8 years because learning phonetics-based / shape-based keyboard IMs on a computer seems way too complex.
https://en.wikipedia.org/wiki/Chinese_input_methods_for_computers#Shape-based would give anyone a panic attack.