Security Leftovers
-
A Windows 11 Automation Tool Can Easily Be Hijacked [iophk: Windows TCO]
The attack is based on Microsoft’s Power Automate, an automation tool that was built into Windows 11. Power Automate uses a form of robotic process automation, also known as RPA, in which a computer mimics a human’s actions to complete tasks. If you want to get a notification each time an RSS feed is updated, you can build a custom RPA process to make that happen. Thousands of these automations exist, and Microsoft’s software can link up Outlook, Teams, Dropbox, and other apps.
The software is part of a broader low-code/no-code movement that aims to create tools people can use to create things without having any coding knowledge. “Every business user now has the power that the developer used to have,” Bargury says. His company exists to help secure low-code/no-code apps.
-
Ransomware Gang Accessed Water Supplier’s Control System [iophk: Windows TCO]
Now, security researchers who specialize in industrial control systems cybersecurity (ICS) and who have analyzed the data published by Cl0p think the gang could potentially have interfered with the systems of South Staff Water (SSW), a UK water supply provider.
“They appear to have had sufficient access in the environment to conduct further operations in the environment, if desired,” Mark Plemmons, senior director of threat intelligence at the ICS cybersecurity company Dragos, told Motherboard in an email.
-
Chile says gov’t agency struggling with ransomware attack [iophk: Windows TCO]
Chile’s cybersecurity incident response team said an unnamed government agency is dealing with a ransomware attack that targeted the organization’s Microsoft tools and VMware ESXi servers.
Chile’s CSIRT said the attack started last Thursday but did not respond to requests for comment about what group was behind the attack or what department or agency was attacked.
-
FBI and French officials arrive in Montenegro to investigate ransomware attack [iophk: Windows TCO]
The attacks, which were carried out Friday and Saturday, crippled government-run transportation services and online platforms for information, as well as water and electricity systems.
According to Public Administration Minister Maras Dukaj, 150 devices within 10 government agencies were infected, and many government websites are still down.
-
Investor lawsuit against SolarWinds over breach dismissed
Security firm SolarWinds has avoided a lawsuit filed by investors in Delaware last year, with Delaware Court of Chancery vice-chancellor Sam Glasscock dismissing the suit.
Investors sued the directors of the company, claiming they were aware of the risks that the firm's software posed, but failed to act to prevent devastating attacks that came to light in 2020. The attacks were given the moniker SUNBURST.
The suit was filed on 4 November 2021 in the Delaware Chancery Court, by the Construction Industry Labourers Pension Fund, the Central Labourers' Pension Fund, and two individual investors.
-
Security updates for Friday [LWN.net]
Security updates have been issued by Fedora (mediawiki), SUSE (libEMF, libnl-1_1, libnl3, mariadb, nodejs16, php8-pear, postgresql12, and rubygem-rake), and Ubuntu (linux-raspi, linux-raspi-5.4, and tiff).
-
Rethinking Responsible Disclosure for Cryptocurrency Security
The Biden administration has pointed, with alarm, to the national security implications of both cybersecurity and cryptocurrency. It’s just a matter of time before the government begins worrying about their intersection—cryptocurrency security. All of the United States’ international adversaries are in the business of exploiting bad cybersecurity, and many of them monetize their exploits using cryptocurrency. There’s nothing more natural for North Korean state hackers, Russian organized crime, or partially privatized cyberspies in China and Iran than to steal cryptocurrency to finance their national security operations. They’ll find an open door; because, as bad as overall cybersecurity is, the security of cryptocurrency is worse.
You only have to follow cryptocurrency news casually to be struck by the size and frequency of cryptocurrency security failures. That’s not your imagination, or press bias. Cryptocurrency really does have worse security than other digital technologies, and there’s a good chance it always will.
-
Responsible Disclosure for Cryptocurrency Security - Schneier on Security
Stewart Baker discusses why the industry-norm responsible disclosure for software vulnerabilities fails for cryptocurrency software.
-
Reproducible Builds in August 2022
Welcome to the August 2022 report from the Reproducible Builds project! In these reports we outline the most important things that we have been up to over the past month. As a quick recap, whilst anyone may inspect the source code of free software for malicious flaws, almost all software is distributed to end users as pre-compiled binaries. The motivation behind the reproducible builds effort is to ensure no flaws have been introduced during this compilation process by promising identical results are always generated from a given source, thus allowing multiple third-parties to come to a consensus on whether a build was compromised.