Hírolvasó

At the end of 2022, Paulus Schoutsen declared 2023 "the year of voice" for Home Assistant, the popular open-source home-automation project that he founded nine years ago. The project's goal this year is to let users control their home with voice commands in their own language, using offline processing instead of sending data to the cloud. Offline voice control has been the holy grail of open-source home-automation systems for years. Several projects have tried and failed. But with Rhasspy's developer Mike Hansen spearheading Home Assistant's voice efforts, this time things could be different.

Security updates have been issued by Debian (apache2), Oracle (firefox, nss, and openssl), Slackware (curl and vim), SUSE (dpdk, firefox, grafana, oracleasm, python-cffi, python-Django, and qemu), and Ubuntu (ruby2.7, sox, and tigervnc).

A Mandiant adatai szerint különböző hackercsoportok tavaly 55 zero-day sebezhetőséget használtak ki, ami bár 2021-hez képest enyhe csökkenést mutat, bizakodásra nem ad okot, az elemzők szerint a trend változatlanul az, hogy egyre nő a nulladik napi támadások száma. A zero-day sérülékenységeknek azokat a szoftverhibákat nevezzük, amelyek még azelőtt válnak ismertté ─ vagy rosszabb esetben kihasználttá […]

The post A 2022-es év főbb zero-day támadásaira hívja fel a figyelmet a Mandiant first appeared on Nemzeti Kibervédelmi Intézet.

Az olasz luxus sportautógyártó cég arról értesíti ügyfeleit, hogy illetéktelenek hozzáfértek a Ferrari egyes IT rendszereihez, amely során ügyféladatok, többek között nevek, e-mail címek és telefonszámok is kompromittálódtak.

The post Adatszivárgás történt a Ferrarinál, a cég nem hajlandó váltságdíjat fizetni first appeared on Nemzeti Kibervédelmi Intézet.

Version 9.2 of the GNU coreutils collection — the home of common tools like cp, mv, ls, rm, and more — is out. The changes are mostly minor; numerous bugs have been fixed and a few new command-line options have been added.

The kernel's direct map makes all of a system's physical memory available to the kernel within its address space — on 64-bit systems, at least. This seemingly simple feature has proved to be hard to maintain, in the face of the requirements faced by current systems, while keeping good performance. The latest attempt to address this issue is this patch set from Mike Rapoport adding more direct-map awareness to the kernel's page allocator.

Security updates have been issued by Debian (firefox-esr, imagemagick, sox, thunderbird, and xapian-core), Fedora (chromium, containernetworking-plugins, guile-gnutls, mingw-python-OWSLib, pack, pypy3.7, sudo, thunderbird, tigervnc, and vim), Mageia (apache, epiphany, heimdal, jasper, libde265, libtpms, liferea, mysql-connector-c++, perl-HTML-StripScripts, protobuf, ruby-git, sqlite3, woodstox-core, and xfig), Oracle (kernel), Red Hat (firefox, nss, and openssl), SUSE (apache2, docker, drbd, kernel, and oracleasm), and Ubuntu (curl, python2.7, python3.10, python3.5, python3.6, python3.8, and vim).

Daniel Stenberg observes the 25th anniversary of the curl project.

We really have no idea exactly how many users or installations of libcurl there are now. It is easy to estimate that it runs in way more than ten billion installations purely based on the fact that there are 7 billion smart phones and 1 billion tablets in the world , and we know that each of them run at least one, but likely many more curl installs.

Curl 8.0.0 has also been released (quickly followed by 8.0.1).

Ameriki kormányzati ügynökségek a LockBit ransomware legújabb, 3.0-ás verziójáról adtak ki figyelmeztetést.

The post A CISA figyelmeztetést adott ki a LockBit ransomware új verziójáról first appeared on Nemzeti Kibervédelmi Intézet.

Az amerikai profi kosárlabdaliga (National Basketball Association – NBA) e-mailben értesíti azon szurkolóit, akik érintettek egy adatvédelmi incidensben. Az NBA egy globális sport- és médiaszervezet, amely 5 professzionális sportligát irányít, köztük az NBA-t, a WNBA-t, a Basketball Africa Ligát, az NBA G Ligát és az NBA 2K Ligát. Világszerte több mint 215 országban, több mint […]

The post Adathalász támadásokra figyelmezteti szurkolóit az NBA first appeared on Nemzeti Kibervédelmi Intézet.

A Google összesen 18 zero-day sérülékenységet javított egyes Samsung Exynos lapkakészletek firmware-ében, amelyet számtalan eszközben alkalmaznak mobil és okoseszközöktől kezdve egészen autókig. A hibák közül négy igazán kritikus, ugyanis távoli kódvégrehajtást tehetnek lehetővé egy támadó számára. Biztonsági hibajavítás még nem érhető el minden érintett eszközhöz, védekezésként okostelefonokon javasolt a Wi-Fi hanghívás és a Voice-over-LTE (VoLTE) funkciók kikapcsolása.

The post Figyelem: kritikus sérülékenységeket találtak egyes Samsung lapkakészletekben, több mobileszköz is érintett first appeared on Nemzeti Kibervédelmi Intézet.

The 6.3-rc3 kernel prepatch is out for testing. "So rc3 is fairly big, but that's not hugely usual: it's when a lot of the fixes tick up as it takes a while before people find and start reporting issues."

In a late-stage addition prior to the release of OpenBSD 7.3, Mark Kettenis (kettenis@) has committed [more] aggressive randomisation of the stack location for all 64-bit architectures except alpha:

Read more…

One small but significant step for routing security on the Internet happened Sunday 19th of March 2023 with the release of version 8.3 of rpki-client.

The announcement reads,

Subject: rpki-client 8.3 released From: Sebastian Benoit <benno () openbsd ! org> Date: 2023-03-19 12:46:27 rpki-client 8.3 has just been released and will be available in the rpki-client directory of any OpenBSD mirror soon. rpki-client is a FREE, easy-to-use implementation of the Resource Public Key Infrastructure (RPKI) for Relying Parties (RP) to facilitate validation of BGP announcements. The program queries the global RPKI repository system and validates untrusted network inputs. The program outputs validated ROA payloads, BGPsec Router keys, and ASPA payloads in configuration formats suitable for OpenBGPD and BIRD, and supports emitting CSV and JSON for consumption by other routing stacks.

Read more…

Version 16.0.0 of the LLVM compiler suite has been released. As usual, the list of changes is long; see the specific release notes for LLVM, Clang, Libc++, and others linked from the announcement.

The Free Software Foundation has announced the recipients of this year's Free Software Awards:

• Eli Zaretskii (advancement of free software)
• Tad (SkewedZeppelin) (outstanding new free software contributor)
• GNU Jami (project of social benefit)

With the following commit, Theo de Raadt (deraadt@) moved -current to version 7.3:

CVSROOT: /cvs Module name: src Changes by: deraadt@cvs.openbsd.org 2023/03/17 16:52:22 Modified files: sys/conf : newvers.sh Log message: remove -beta tag

For those unfamiliar with the process: this is not the 7.3 release, but is part of the standard build-up to the release.

Read more…

OpenBGPD 7.8 has been released and the announcement may be read here.

Read more…

BPF programs destined to be loaded into the kernel are generally written in C but, increasingly, the environment in which those programs run differs significantly from the C environment. The BPF virtual machine and associated verifier make a growing set of checks in an attempt to make BPF code safe to run. The proposed addition of an iterator mechanism to BPF highlights the kind of features that are being added — as well as the constraints placed on programmers by BPF.

The 6.2.7, 6.1.20, 5.15.103, 5.10.175, 5.4.237, 4.19.278, and 4.14.310 stable kernels have been released. As usual, they contain important fixes throughout the kernel tree; users should upgrade.