-
New OpenSSH Vulnerability Could Lead to RCE as Root on Linux Systems
OpenSSH maintainers have released security updates to contain a critical security flaw that could result in unauthenticated remote code execution with root privileges in glibc-based Linux systems. The vulnerability, codenamed regreSSHion, has been assigned the CVE identifier CVE-2024-6387. It resides in the OpenSSH server component, also known as sshd, which is designed to listen for…
-
Google to Block Entrust Certificates in Chrome Starting November 2024
Google has announced that it’s going to start blocking websites that use certificates from Entrust starting around November 1, 2024, in its Chrome browser, citing compliance failures and the certificate authority’s inability to address security issues in a timely manner. “Over the past several years, publicly disclosed incident reports highlighted a pattern of concerning behaviors…
-
OHSU board meeting swarmed by union members
Union workers presented a petition calling for no cuts to benefits before the board approved a $5.5B budget.
-
OBI CEO and board chair on Oregon’s ‘competitiveness crisis’
“Stopping Oregon’s competitive slide will require a commitment by the state’s elected leaders to recognize and address the policies and culture driving it. We can’t think of a better – and more necessary – focus for the 2025 legislative session.”
-
Portland’s heavy tax burden called out in new report
Tax Foundation finds Portland has highest business taxes and second-highest top marginal rate on wage income in the country.
-
Oregon leaders react to Supreme Court ruling on Grants Pass camping ban
The U.S. Supreme Court upheld the Oregon city’s camping ban in a 6-3 decision.
-
Agility Robotics inks deal with a logistic giant
Oregon’s Agility Robotics inked a multiyear deal with a logistics giant for commercial deployment of its humanoid robots, a first for the industry.
-
Kimsuky Using TRANSLATEXT Chrome Extension to Steal Sensitive Data
The North Korea-linked threat actor known as Kimsuky has been linked to the use of a new malicious Google Chrome extension that’s designed to steal sensitive information as part of an ongoing intelligence collection effort. Zscaler ThreatLabz, which observed the activity in early March 2024, has codenamed the extension TRANSLATEXT, highlighting its ability to gather…
-
GitLab Releases Patch for Critical CI/CD Pipeline Vulnerability and 13 Others
GitLab has released security updates to address 14 security flaws, including one critical vulnerability that could be exploited to run continuous integration and continuous deployment (CI/CD) pipelines as any user. The weaknesses, which affect GitLab Community Edition (CE) and Enterprise Edition (EE), have been addressed in versions 17.1.1, 17.0.3, and 16.11.5. The most severe of…
-
8220 Gang Exploits Oracle WebLogic Server Flaws for Cryptocurrency Mining
Security researchers have shed more light on the cryptocurrency mining operation conducted by the 8220 Gang by exploiting known security flaws in the Oracle WebLogic Server. “The threat actor employs fileless execution techniques, using DLL reflective and process injection, allowing the malware code to run solely in memory and avoid disk-based detection mechanisms,” Trend Micro…
