PC Security and Other Useful Information

Security Mailer Volume 22 Number 14

• Mozilla updates
  • Firefox
  • Firefox ESR
  • Thunderbird
• Cisco security advisories
• Open Source
  • Linux Kernel
  • Apache HTTP Server
  • Open VPN
• Linux updates and patches
• General Security reviews last week
• News entries
• EXCEL spreadsheet covers the CISA Known Exploited Vulnerabilities database

Hackers breach MailChimp’s internal tools to target crypto customers

“Email marketing firm MailChimp disclosed on Sunday that they had been hit by hackers who gained access to internal customer support and account management tools to steal audience data and conduct phishing attacks.”

Security Mailer Volume 22 Number 10

• Adobe security updates
• Mozilla updates
  • Firefox, Firefox ESR
  • Thunderbird
• Cisco security advisories
• Open Source – important update for Linux Kernel (patch now)
• Linux updates and patches
• Microsoft Tuesday, includes critical update for Exchange Server
• General Security reviews last week, general news entries
• EXCEL Spreadsheet covering all the updates released on Microsoft Tuesday Both XLS and XLSX versions provided

Microsoft Patch Tuesday, March 2022 Edition

“Microsoft on Tuesday released software updates to plug at least 70 security holes in its Windows operating systems and related software. For the second month running, there are no scary zero-day threats looming for Windows users (that we know of), and relatively few “critical” fixes. And yet we know from experience that attackers are already trying to work out how to turn these patches into a roadmap for exploiting the flaws they fix. Here’s a look at the security weaknesses Microsoft says are most likely to be targeted first.”

Linux has been bitten by its most high-severity vulnerability in years

“Linux has yet another high-severity vulnerability that makes it easy for untrusted users to execute code capable of carrying out a host of malicious actions, including installing backdoors, creating unauthorized user accounts, and modifying scripts or binaries used by privileged services or apps.

Dirty Pipe, as the vulnerability has been named, is among the most serious Linux threats to be disclosed since 2016, the year another high-severity and easy-to-exploit Linux flaw (named Dirty Cow) came to light as it was being used to hack a researcher’s server. Researchers in 2016 demonstrated how to exploit Dirty Cow to root any Android phone, regardless of the mobile OS version. Eleven months later, researchers unearthed 1,200 Android apps in third-party markets that maliciously exploited the flaw to do just that.”

Security Mailer Volume 22 Number 9

• Mozilla updates
  • Firefox
  • Firefox ESR
• Cisco security advisories
• Open Source Linux Kernel, Expat, PHP
• Linux updates and patches
• General Security reviews last week
• Misc news entries

Microsoft warning: Some files might not be deleted when you reset a Windows PC

“Microsoft has warned Windows 10 and Windows 11 users that files might not be deleted after resetting the device using the “Remove everything” option.

The issue stems from Microsoft’s OneDrive cloud file service and could mean files that were synced locally remain on a computer after a local or remote reset, which admins might do before handing the device to a new owner.  “

Security Mailer Volume 22 Number 8

• Cisco security advisories
• Open Source tiff, zsh, Linux Kernel
• Linux updates and patches
• General Security reviews last week
• Misc. news entries

Security Mailer Volume 22 Number 4

• Apple Security Updates
• Cisco Security Advisories
• Open Source
  • Linux Kernel
  • Thunderbird
  • Polkit
• Linux updates and patches
• General Security reviews last week
• Google drops FLoC, Lets Encrypt Certificate Revocation
• Ransomware targeting QNAP NAS devices

Security Mailer Volume 21 Number 52

• Open Source patches
  • OpenJDK
  • log4j12
  • OpenSSH
• Linux updates and patches
• Microsoft breaks Exchange Server with faulty anti malware update
• General Security reviews last week
• Wireshark updates