Security Leftovers
-
Security updates for Friday [LWN.net]
Security updates have been issued by CentOS (firefox, rsync, systemd, and thunderbird), Debian (chromium, dpdk, and sofia-sip), Fedora (kernel, thunderbird, and zlib), Red Hat (pcs and rh-mariadb103-galera and rh-mariadb103-mariadb), Slackware (poppler), SUSE (cifs-utils, curl, dwarves and elfutils, firefox, flatpak, gnutls, gpg2, harfbuzz, ignition, kernel, ldb, samba, libslirp, libsolv, libzypp, zypper, libtirpc, logrotate, mozilla-nss, ncurses, open-vm-tools, openssl-1_1, p11-kit, pcre, pcre2, podman, postgresql12, postgresql13, postgresql14, python-M2Crypto, python3, rsync, salt, spice, systemd-presets-common-SUSE, tiff, ucode-intel, xen, and zlib), and Ubuntu (curl, linux, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gke-5.15, linux-gkeop, linux-ibm, linux-kvm, linux-lowlatency, linux, linux-azure-4.15, linux-dell300x, linux-gcp-4.15, linux-kvm, linux-snapdragon, linux-aws, linux-azure, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-gke, linux-gkeop, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, and linux-aws-hwe).
-
curl's TLS fingerprint | daniel.haxx.se
The phrase TLS fingerprint is of course in this spirit. A pattern in a TLS handshake that allows an involved party to tell or at least guess with a certain level of accuracy what client software that performed it – purely based on how exactly the TLS magic is done. There are numerous different ways and variations a client can perform a TLS handshake and still be standards compliant. There is a long list of extensions that can vary in content, the order of the list of extensions, the ciphers to accept, the allowed TLS versions, steps performed, the order and sequence of those steps and more.
When a network client connects to a remote site and makes a TLS handshake with the server, the server can basically add up all those details and make an educated guess exactly which client that connects to it. One method to do it is called JA3 and produces a 32 digit hexadecimal number as output. (The three creators of this algorithm all have JA as their initials!)
-
Linux systems are being hit with more ransomware than ever [Ed: Well, ransomware is predominantly a Windows issue, based on extensive surveys of the issue; Trend Micro profits from selling to Windows users (snakeoil), so obviously it does not want "Linux" to succeed]
Targeted ransomware attacks are becoming more common as an increasing number of businesses adopt Linux systems, new research from Trend Micro has found.
-
India ranks second in cyber attacks on health system, report shows
The United States was the most targeted for cyber crimes, according to CloudSEK, an artificial intelligence company that deals in cyber threats.
[...]
The Covid-19 pandemic led to fast digitisation but budget constraints could not allow health systems to set up robust cybersecurity. Medjacking, where medical devices are hijacked, also surfaced as a major concern, the report added. It can lead to shut down of a life saving machine or equipment during surgery or in intensive care units.
Scroll.in has reached out to the National Health Authority and in-charge of the Ayushman Bharat Digital Mission for a response about the cyber security concerns raised by CloudSEK. The article will be updated once they respond.