edk2-20221117gitfff6d81270b5-13.fc37

FEDORA-2023-e1ffb79ddf

Packages in this update:

edk2-20221117gitfff6d81270b5-13.fc37

Update description:

update openssl (CVE-2023-0286, CVE-2023-0215, CVE-2022-4450, CVE-2022-4304).

cherry-pick aarch64 bugfixes,
set firmware build release date,
add ext4 sub-package

chromium-110.0.5481.77-1.fc36

FEDORA-2023-4e6353c6f7

Packages in this update:

chromium-110.0.5481.77-1.fc36

Update description:

Update to 110.0.5481.77. Fixes the following security issues:

CVE-2023-0696 CVE-2023-0697 CVE-2023-0698 CVE-2023-0699 CVE-2023-0700 CVE-2023-0701 CVE-2023-0702 CVE-2023-0703 CVE-2023-0704 CVE-2023-0705 CVE-2023-25193

chromium-110.0.5481.77-1.el7

FEDORA-EPEL-2023-0b707dda92

Packages in this update:

chromium-110.0.5481.77-1.el7

Update description:

Update to 110.0.5481.77. Fixes the following security issues:

CVE-2023-0696 CVE-2023-0697 CVE-2023-0698 CVE-2023-0699 CVE-2023-0700 CVE-2023-0701 CVE-2023-0702 CVE-2023-0703 CVE-2023-0704 CVE-2023-0705 CVE-2023-25193

Friday Squid Blogging: Squid Is a Blockchain Thingy

I had no idea—until I read this incredibly jargon-filled article:

Squid is a cross-chain liquidity and messaging router that swaps across multiple chains and their native DEXs via axlUSDC.

So there.

As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

Read my blog posting guidelines here.

A Hacker’s Mind Is Now Published

Tuesday was the official publication date of A Hacker’s Mind: How the Powerful Bend Society’s Rules, and How to Bend them Back. It broke into the 2000s on the Amazon best-seller list.

Reviews in the New York Times, Cory Doctorow’s blog, Science, and the Associated Press.

I wrote essays related to the book for CNN and John Scalzi’s blog.

Two podcast interviews: Keen On and Lawfare. And a written interview for the Ash Center at the Harvard Kennedy School.

Lots more coming, I believe. Get your copy here.

And—last request—right now there’s one Amazon review, and it’s not a good one. If people here could leave reviews, I would appreciate it.

Flaws in industrial wireless IoT solutions can give attackers deep access into OT networks

It’s common for operational technology (OT) teams to connect industrial control systems (ICS) to remote control and monitoring centers via wireless and cellular solutions that sometimes come with vendor-run, cloud-based management interfaces. These connectivity solutions, also referred to as industrial wireless IoT devices, increase the attack surface of OT networks and can provide remote attackers with a shortcut into previously segmented parts of the network that contain critical controllers.

Industrial cybersecurity firm Otorio released a report this week highlighting the attack vectors these devices are susceptible to along with vulnerabilities the company’s researchers found in several such products. “Industrial wireless IoT devices and their cloud-based management platforms are attractive targets to attackers looking for an initial foothold in industrial environments,” the Otorio researchers said in their report. “This is due to the minimal requirements for exploitation and potential impact.”
