LightDM 1.32 Display Manager Released, Dropping Qt 4 Support The LightDM project announced the release of the LightDM 1.32 display manager with a host of fixes. Here’s what is new! A display manager is a program that provides graphical login capabilities for your Linux distribution. It manages user logins and graphic display servers and is used to start an X server session on the same or another computer. LightDM is a popular display manager that is characterized by its ability to work with all desktop environments. It is a lightweight cross-desktop display manager designed to be simple, fast, secure, and flexible. LightDM can use various front-ends called Greeters, a GUI that prompts the user for credentials to draw a User Interface. Additionally, LightDM supports different display technologies, including X11 and Wayland.

Security Leftovers Critical flaws in GPS tracker enable “disastrous” and “life-threatening” hacks | Ars Technica An assessment from security firm BitSight found six vulnerabilities in the Micodus MV720, a GPS tracker that sells for about $20 and is widely available. The researchers who performed the assessment believe the same critical vulnerabilities are present in other Micodus tracker models. The China-based manufacturer says 1.5 million of its tracking devices are deployed across 420,000 customers. BitSight found the device in use in 169 countries, with customers including governments, militaries, law enforcement agencies, and aerospace, shipping, and manufacturing companies. BitSight discovered what it said were six “severe” vulnerabilities in the device that allow for a host of possible attacks. One flaw is the use of unencrypted HTTP communications that makes it possible for remote hackers to conduct adversary-in-the-middle attacks that intercept or change requests sent between the mobile application and supporting servers. Other vulnerabilities include a flawed authentication mechanism in the mobile app that can allow attackers to access the hardcoded key for locking down the trackers and the ability to use a custom IP address that makes it possible for hackers to monitor and control all communications to and from the device. The security firm said it first contacted Micodus in September to notify company officials of the vulnerabilities. BitSight and CISA finally went public with the findings on Tuesday after trying for months to privately engage with the manufacturer. As of the time of writing, all of the vulnerabilities remain unpatched and unmitigated.

Critical Vulnerabilities in GPS Trackers I wouldn’t have buried “vehicle control” in the middle of that sentence.

Oracle Releases July 2022 Critical Patch Update | CISA Oracle has released its Critical Patch Update for July 2022 to address 349 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

Security updates for Thursday [LWN.net] Security updates have been issued by Mageia (kernel and kernel-linus), SUSE (dovecot23), and Ubuntu (freetype, libxml-security-java, and linux-oem-5.17).

U.S. Cybersecurity Apprenticeship Sprint Launched [Ed: This is the same government which mandates back doors universally] A 120-Day Cybersecurity Apprenticeship Sprint was announced at the recent National Cyber Workforce and Education Summit at the White House as part of new efforts to train “a skilled and diverse cybersecurity workforce.” “With approximately 700,000 cybersecurity positions open, America faces a national security challenge that must be tackled aggressively, the summit briefing said.