Attackers can attack Kemp LoadMaster with crafted HTTP requests
A critical vulnerability jeopardizes the security of servers with Kemp LoadMaster.

Serious security vulnerabilities threaten IBM AIX server operating system
Attackers can use two vulnerabilities in IBM AIX to compromise servers. There are also updates for IBM License Metric Tool v9.
Web browser: Google plugs critical security leak in Chrome
Google updates the Chrome web browser and closes a security vulnerability classified as a critical risk.
Memory safety for web fonts: Skrifa is written in Rust, and created as a replacement for FreeType to make font processing in Chrome secure for all users. Skrifa takes advantage of Rust's memory safety, and lets us iterate faster on font technology improvements in Chrome. Moving from FreeType to Skrifa allows Google to be both agile and fearless when making changes to our font code. https://developer.chrome.com/blog/memory-safety-fonts Does anyone know how Firefox handles web fonts security?
Apple Passwords app: Problematic bug is said to have existed for months
Attackers in a “privileged network position”, i.e., on the same Wi-Fi network, could read details from Apple's Passwords app. This allowed attacks.
What do people think of @accrescent – some kind of new app store for Android?
Is the open source ecosystem ready for the Cyber Resilience Act?
62% of respondents remain unfamiliar with CRA, and compliance challenges are emerging. This new Linux Foundation Research report, in partnership with OpenSSF and LF Europe, explores key findings.
Read more https://www.linuxfoundation.org/research/cra-readiness?hsLang=en
Google's vulnerability scanner checks container layers and Maven projects
The new version of Google's open source Vulnerability Scanner examines dependencies in container image layers and Maven projects.
Chaos at CISA: US cybersecurity agency brings back fired employees via website
Dismissed employees should report by e-mail - and will be released immediately upon their return. CISA denies rumors about its Red Team.
New Privacy Guides article
by me:
If you want to keep your password manager local-only, KeePassXC is a great solution!
It's free,
Open-source,
Easy to install and use,
Doesn't require an account,
Works on Linux, macOS, and Windows,
And the team is here! @keepassxc
Here's how to set it up with a YubiKey: https://www.privacyguides.org/articles/2025/03/18/installing-keepassxc-and-yubikey/
If you are looking for a good password manager you can use from anywhere, there are plenty of excellent options to choose from. However, if you prefer to only store your passwords locally, KeePassXC is what you need. In our latest tutorial, we'll walk through setting up KeePassXC to work with your YubiKey as an additional factor to secure your local-only password database.
https://www.privacyguides.org/articles/2025/03/18/installing-keepassxc-and-yubikey/
AI and LLM: Critical security gaps jeopardize the Flowise low-coding platform
Attackers can compromise Flowise servers, security researchers are already reporting attacks. An update is available.
Malware distributors: FBI warns of fraudulent online file converters
Anyone who uses free online services to convert text files, for example, can catch malware. The FBI points this out.
Cyberattack on municipal retirement homes in Mönchengladbach, Aerticket and more
A cyber attack paralyzes the IT of the municipal retirement homes in Mönchengladbach. Aerticket and the Swiss supermarket chain Spar restore their services.
Google plans largest takeover in the company's history: Wiz
Alphabet is making a new attempt to acquire the security start-up Wiz. The data company is putting up seven billion dollars.
Ever worried about other users on your Linux server seeing what processes are running? The `hidepid` kernel feature is your friend! It makes processes invisible to anyone but the owner and root user, even in system monitoring tools like ps, top, htop, and btop. This is a great way to prevent sensitive information (like API keys or passwords used in command-line arguments) from being exposed. See how to configure it at https://www.cyberciti.biz/faq/linux-hide-processes-from-other-users/ for more info.
Fake security warning: Fraudsters try to hijack GitHub accounts
Security researchers have reported attempted attacks on around 12,000 GitHub repositories. Attackers want to gain full control over accounts.
Is there any push within the EU to work on Linux and other free software alternatives to US software, to stop having the whole administration of every single European country, and the EU itself, be totally dependent on software that can spy on us all for a hostile, nazi regime?
Online casinos such as "Slotmagie" offline after data loss
German online casinos of the Merkur Group shut down their games on Saturday. Before this, most private data of hundreds of thousands of people was accessible.
If you still use one of these devices, you might want to start looking into alternatives.
"In an email sent to customers today, Amazon said that Echo users will no longer be able to set their devices to process Alexa requests locally [...] Starting on March 28, recordings of every command spoken to the Alexa living in Echo speakers and smart displays will automatically be sent to Amazon and processed in the cloud."