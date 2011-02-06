Proprietary Software and Security Leftovers
Critical Flaws Discovered in Azure App That Microsoft Secretly Installs on Linux VMs [Ed: Microsoft installing back doors in GNU/Linux]
Microsoft on Tuesday addressed a quartet of security flaws as part of its Patch Tuesday updates that could be abused by adversaries to target Azure cloud customers and elevate privileges as well as allow for remote takeover of vulnerable systems.
The list of flaws, collectively called OMIGOD by researchers from Wiz, affect a little-known software agent called Open Management Infrastructure that's automatically deployed in many Azure services...
Malicious Linux version of Cobalt Strike hacking tool found [Ed: It is more about Windows than "Linux"]
“Secret” Agent Exposes Azure Customers To Unauthorized Code Execution
Supply chain cyberattacks have disrupted everyday life and dominated headlines this year. One of the biggest challenges in preventing them is that our digital supply chain is not transparent. If you don’t know what’s hidden in the services and products you use every day, how can you manage the risk?
Wiz’s research team recently discovered a series of alarming vulnerabilities that highlight the supply chain risk of open source code, particularly for customers of cloud computing services.
The source of the problem is a ubiquitous but little-known software agent called Open Management Infrastructure (OMI) that’s embedded in many popular Azure services.
Customer Care Giant TTEC Hit By Ransomware
TTEC, [NASDAQ: TTEC], a company used by some of the world’s largest brands to help manage customer support and sales online and over the phone, is dealing with disruptions from a network security incident resulting from a ransomware attack, KrebsOnSecurity has learned.
Forced Entry: NSO Group Spies Secretly Seized Control of Apple Devices by Exploiting Flaw in Code
Apple has released an emergency software update to fix a security flaw in its iPhones and other products researchers found was being exploited by the Israeli-based NSO Group to infect the devices with its Pegasus spyware. The security exploit exposes “widespread abuse that we have associated with NSO Group and other companies like it,” says Ronald Deibert, director of the University of Toronto’s Citizen Lab, which discovered the security flaw. “This is … the most important crisis around global civil society right now.” Over 1.65 billion Apple products in use around the globe have been vulnerable to the spyware since at least March.
General promises 'surge' to fight ransomware attacks [iophk: Windows TCO]
Gen. Paul Nakasone, the head of U.S. Cyber Command and director of the National Security Agency (NSA), is working to “surge” efforts to respond to the mounting ransomware attacks on critical U.S. organizations.
General promises US ‘surge’ against foreign cyberattacks [iophk: Windows TCO]
In an interview Tuesday with The Associated Press, Gen. Paul Nakasone broadly described “an intense focus” by government specialists to better find and share information about cyberattacks and “impose costs when necessary.” Those costs include publicly linking adversarial countries to high-profile attacks and exposing the means by which those attacks were carried out, he said.
LibreOffice 7.2 Gets First Point Release, More Than 85 Bugs Were Fixed
Released less than a month ago, the LibreOffice 7.2 office suite has been already adopted by hundreds of thousands of computer users as it’s another great release of the popular, cross-platform and free office suite that continues to improve the interoperability with the MS Office document formats. Now, LibreOffice 7.2.1 is here as the first maintenance update to the LibreOffice 7.2 series, fixing as many as 87 bugs across all core components. Detailed about these bug fixes are provided in the changelogs from the RC1 and RC2 development milestones.
