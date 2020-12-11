Security and Proprietary Software
Security updates for Wednesday
Security updates have been issued by Debian (firefox-esr), Fedora (mingw-openjpeg2, openjpeg2, and synergy), openSUSE (audacity and gdm), Oracle (libexif, libpq, and thunderbird), Red Hat (firefox, gnutls, go-toolset:rhel8, java-1.7.1-ibm, java-1.8.0-ibm, kernel, kernel-rt, linux-firmware, mariadb-connector-c, mariadb:10.3, memcached, net-snmp, nginx:1.16, nodejs:12, openssl, pacemaker, postgresql:10, python-django-horizon, python-XStatic-Bootstrap-SCSS, python-XStatic-jQuery, and python-XStatic-jQuery224), Scientific Linux (gd, kernel, pacemaker, python-rtslib, samba, and targetcli), SUSE (openssh, PackageKit, spice, and spice-gtk), and Ubuntu (firefox and imagemagick).
Scammers set up Westpac site to steal customers' credentials
Scammers are taking advantage of the busy shopping season and trying to relieve customers of Westpac of some of their earnings, setting up a site that looks very much like the real thing to try and lure customers into entering their credentials.
DHS Cyber Warriors Issue Warning About Massive Hacking Campaign, Disclose They've Been Hacked A Day Later
Welp. Everything is compromised. Again.
FireEye and Microsoft silent on source of attacks, others pile on
Neither American cyber security firm FireEye nor software giant Microsoft, the two companies which carried out an investigation into supply chain attacks on many companies through software made by SolarWinds, have attributed the attacks to any country, least of all Russia, in their reports.
U.S. Treasury, Commerce Depts. [Cracked] Through SolarWinds Compromise
Communications at the U.S. Treasury and Commerce Departments were reportedly compromised by a supply chain attack on SolarWinds, a security vendor that helps the federal government and a range of Fortune 500 companies monitor the health of their IT networks. Given the breadth of the company’s customer base, experts say the incident may be just the first of many such disclosures.
Suspected Russian [crackers] spied on U.S. Treasury emails - sources
The U.S. government has not publicly identified who might be behind the [attack], but three of the people familiar with the investigation said Russia is currently believed to be responsible for the attack. Two of the people said that the breaches are connected to a broad campaign that also involved the recently disclosed [attack] on FireEye, a major U.S. cybersecurity company with government and commercial contracts.
When did FireEye know its defences had been breached?
ANALYSIS When did American cyber security firm FireEye become aware that it had been compormised and its crown jewels — its Red Team tools — stolen?
Pete Zaitcev: Google outage
It's very funny to hear about people who were unable to turn on their lights because their houses were "smart". Not a good look for Google Nest! But I had a real problem:
Google outage crashed my Thunderbird so good that the only fix is to delete the ~/.thunderbird and re-add all accounts.
Yes, really.
Graphics: Mesa 20.3, Zink and NVIDIA CUDA 11.2
Firefox 85 Will Let You Remove All Saved Logins with One Click, Drops Adobe Flash Support
Firefox 84 arrived on Tuesday with the WebRender feature enabled by default for some Linux systems using X11 and the GNOME desktop environment, as well as the ability to allocate shared memory on Linux systems for improved performance and increased compatibility with Docker. Firefox 84 is also the last version of the popular web browser to support the Adobe Flash Player plugin, which will no longer be supported by Adobe after January 12th, 2021. Therefore, Firefox 85 will be the first release of Mozilla’s web browser to no longer support Adobe Flash Player, which will improve performance and security.
today's howtos
UCS 5.0 Beta: Preview of the new generation
We published the last UCS major release (UCS 4.0) in 2016. With UCS 5.0, we have now decided to go for an extensive update of the technical base and design of UCS. The first beta version of UCS 5.0, which has now been released, provides an initial preview of these updates. While testers are invited to try it, app vendors are offered a possibility to port and adapt their software. The beta version gives a glimpse of the new UI design and already provides some of the planned functions. However, this preview is not intended for productive use. UCS 5.0 Beta: Preview of the new generation
