
Proprietary Software and Security Leftovers

Saturday 2nd of April 2022 06:51:02 PM
Filed under Security
  • Zlib data compressor fixes 17-year-old security bug – patch, errrm, now – Naked Security

    You’ve probably heard of Zlib, but even if you haven’t, you’ve almost certainly used it.

    Zlib’s unashamedly 1990s-style website describes the product as A Massively Spiffy Yet Delicately Unobtrusive Compression Library (Also Free, Not to Mention Unencumbered by Patents).

    Data compression software (and, of course, the matching code to decompress it later) has always been handy to have around, as anyone who has ever used software such as PKZIP, WinRAR, 7-Zip and any of a great number of archiving tools will attest.

    As you can imagine, the primary purpose of data compression is to save space, such as reducing the storage capacity needed for backups or cutting down on the bandwidth used for data transfer.

  • Viasat Hack Tied to Data-Wiping Malware Designed to Shut Down Modems | PCMag

    Security firm SentinelOne says malware known as AcidRain was likely used to take down Viasat's satellite internet network during Russia's invasion of Ukraine.

  • Google Chrome zero-day bug update shows the benefit of Lacros on a Chromebook

    Last week, news made the rounds about a new Google Chrome zero-day bug. Essentially, there is potential for executable code to be injected into your browser. Google Chrome received a patch last week to address this, but Chromebooks had to wait until yesterday. That’s when a Chrome OS 99 Stable Channel update became available. My Chromebook got the Google Chrome update last week though, showing the benefits of the Lacros browser.

  • GitLab issues security fix for easy account takeover flaw • The Register

    GitLab on Thursday issued security updates for three versions of GitLab Community Edition (CE) and Enterprise Edition (EE) software that address, among other flaws, a critical hard-coded password bug.

    The cloud-hosted software version control service released versions 14.9.2, 14.8.5, and 14.7.7 of its self-hosted CE and EE software, fixing one "critical" security vulnerability (CVE-2022-1162), as well as two rated "high," nine rated "medium," and four rated "low."

  • Lapsus$ extortion gang pulls new heist, say researchers • The Register

    The document above contains a log of what looks like the attack on Sitel, and details a login over RDP followed by a Bing search for "Privilege escalation tools on GitHub" from a compromised machine. There's also evidence of malware downloads, termination of security software processes, and further skulduggery.

  • Two different “VMware Spring” bugs at large – we cut through the confusion

    Yesterday, we wrote about a bug in the VMware Spring product, a project we described as “an open-source Java toolkit for building powerful Java apps, including cloud-based apps, without needing to write, manage, worry about, or even understand the ‘server’ part of the process yourself.”

  • VMware Horizon platform pummeled by Log4j-fueled attacks [Ed: How to blame VMware problems on anyone but VMware]
  • Detailed: Critical hijacking bugs that took months to patch in Microsoft Azure Defender for IoT [Ed: Microsoft "Defender" as back doors]

    SentinelOne this week detailed a handful of bugs, including two critical remote code execution vulnerabilities, it found in Microsoft Azure Defender for IoT.

    These security flaws, which took six months to address, could have been exploited by an unauthenticated attacker to compromise devices and take over critical infrastructure networks.

Fuzzy search for C++ Reference, Qt documentation and more from shell, Vim or Neovim

I’ve been revamping my Neovim configuration (more on that some other time). I used to have a fuzzy searcher of Qt and C++ docs in Vim which would open the thing I searched for in a web browser or Qt Assistant (or cppman, but that is cppref only). That was tedious for several reasons I’m not going to go into now, so I decided to use this Neovim configuration revamp to make shell-based documentation nicer.

Top 15 Linux Students’ Productivity Tools & Software

There is no doubt that among operating systems, Linux efficiency is worth citing due to its excellence in performance and secure environment. But, even then, you may lose interest in this operating system and feel distracted. The reason may lie in the absence of some mind-blowing software and productivity tools that you may never have noticed. Therefore, in this article, we, as a team of linear programming help, have presented a vivid description of Linux students’ productivity software and tools that will help you automate your manual tasks, organize and form knowledge, address important issues, etc. Eventually, the tools can change your Linux user experience. So why be late, let’s get started!

Speek.Chat - Privacy Focused Messenger built on Tor Network

Looking for a secure instant messaging app? Speek.Chat is a free open-source messenger based on Tor hidden network services. No server, no metadata, no ID or phone number! With it, users are only identified via public keys. By sharing the key with others, they can send a request to add you to their contact list and then start chatting. All messages and files are end-to-end encrypted and routed via the Tor network. No middleman server that could be compromised, taken down or leak user information. You can chat anonymously without exposing your identity (or IP) to anyone.

GNU Health Hospital Management 4.0.3 patchset released

GNU Health 4.0.3 patchset has been released.

