#amazon

Popular short-form video hosting service TikTok has been fined €5 million (about $5.4 million) by the French data protection watchdog for breaking cookie consent rules, making it the latest platform to face similar penalties after Amazon, Google, Meta, and Microsoft since 2020. "Users of 'tiktok[.]com' could not refuse cookies as easily as accepting them and they were not informed in a

The bargain T95 Android TV device was delivered with preinstalled malware, adding to a trend of Droid devices coming out-of-the-box tainted.

Your fortnightly rundown of AppSec vulnerabilities, new hacking techniques, and other cybersecurity news

Your fortnightly rundown of AppSec vulnerabilities, new hacking techniques, and other cybersecurity news

Ubuntu Security Notice 5804-1 - It was discovered that the NFSD implementation in the Linux kernel did not properly handle some RPC messages, leading to a buffer overflow. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code. Tamas Koczka discovered that the Bluetooth L2CAP handshake implementation in the Linux kernel contained multiple use-after-free vulnerabilities. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.

Ubuntu Security Notice 5803-1 - Kyle Zeng discovered that the sysctl implementation in the Linux kernel contained a stack-based buffer overflow. A local attacker could use this to cause a denial of service or execute arbitrary code. Tamas Koczka discovered that the Bluetooth L2CAP handshake implementation in the Linux kernel contained multiple use-after-free vulnerabilities. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.

Ubuntu Security Notice 5802-1 - It was discovered that the NFSD implementation in the Linux kernel did not properly handle some RPC messages, leading to a buffer overflow. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code. Tamás Koczka discovered that the Bluetooth L2CAP handshake implementation in the Linux kernel contained multiple use-after-free vulnerabilities. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.

SBOMs aren't enough. OpenSSF's Alpha-Omega brings in new blood to help secure the open source projects most impactful to the software supply chain.

This Tech Tip outlines the steps enterprise defenders should take as they protect their data in cloud environments in response to the security incident with the CI/CD platform.

Organizations are looking for new methods to safeguard the virtual machines, containers, and workload services they use in the cloud.