Tag
#ssh
As more electric vehicles are sold, the risk of compromised charging stations looms large alongside the potential for major cybersecurity exploits.
### Impact

Note: "Pebble" here refers to [Canonical's service manager](https://github.com/canonical/pebble), not the [Let's Encrypt ACME test server](https://github.com/letsencrypt/pebble).

The API behind `pebble pull`, used to read files from the workload container by Juju charms, allows access from any user, instead of just admin. In Juju Kubernetes sidecar charms, Pebble and the charm run as root, so they have full access. But if another restricted unix user gains local access to the container host, they could hit the Pebble `GET /v1/files?action=read` API and would be allowed to read any file in the workload container, for example an ssh key or database password or other sensitive information. If there are ssh keys they could then potentially ssh into the workload, or if something like a database password they could log into the database. Note that this requires local user access to the host machine. It seems unlikely that an attacker could gain this level of access in a Juju Ku...
An April 2023 study from Kent State University found that remote workers are more likely to be vigilant of security threats and take actions to ward them off than their in-office counterparts.
The thwarted XZ Utils supply chain attack was years in the making. Now, clues suggest nation-state hackers were behind the persona that inserted the malicious code.
Red Hat Security Advisory 2024-1601-03 - An update for curl is now available for Red Hat Enterprise Linux 8. Issues addressed include an information leakage vulnerability.
Details are starting to emerge about a stunning supply chain attack that sent the open source software community reeling.
By Waqas. Critical Backdoor Alert! Patch XZ Utils Now (CVE-2024-3094) & Secure Your Linux System. Learn how a hidden backdoor… This is a post from HackRead.com. Read the original post: Backdoor Discovered in XZ Utils: Patch Your Systems Now (CVE-2024-3094)
Had a Microsoft developer not spotted the malware when he did, the outcome could have been much worse.
Debian Linux Security Advisory 5651-1 - Two security issues were discovered in MediaWiki, a website engine for collaborative work, which could result in cross-site scripting or denial of service.
Gentoo Linux Security Advisory 202403-4 - A backdoor has been discovered in XZ utils that could lead to remote compromise of systems. Versions less than 5.6.0 are affected.