Security and FUD Leftovers
-
The Global State of Cybersecurity Is Not Good - IT Jungle
“It’s a jungle out there” may be the best way to summarize the state of cybersecurity at the moment, as recent global events coalesce into a melting pot of politically motivated hackers, the criminal underground, foreign scammers, and widespread domestic vulnerabilities.
Let’s start with everybody’s favorite topic: scams. If you’re longing for the simple days of the Nigerian 419 scams, you’re not alone, as the playing field for scams has evolved considerably in recent years. That’s not to minimize the continued threat of the 419 scam, which sometimes resulted in a physical kidnapping, or worse. But the idea of getting ripped off via world travel sounds almost quaint by today’s rough-and-tumble digital standard.
-
3 steps to protect your home network
The typical setup for Internet connectivity today is for your home to have a router, usually a little physical box located somewhere in your house, that acts as a gateway to the rest of the world. The router creates a local network, and you connect your devices to it, including your computer, mobile, TV, game console, and anything else that needs to connect to the Internet or to each other. It's deceptively easy to think of this setup as there being two "sides" of your router: On one side there's the Internet, and on the other, your devices. That's an awful colloquial, though, because in reality there's an entire worldwide network of computers on one side of your router, and your digital life on the other. When you use the Internet directly, you're logging onto a shared area of somebody else's computer. When you're not using the Internet, it doesn't go away, and there are lots of scripts and programs out there designed to visit millions upon millions of routers in an attempt to find open ports or services. With the Internet of Things (IoT) commonplace, there are sometimes more services running on your home network than you realize. Here are three steps you can take to audit and protect your home network from unwanted traffic.
-
Wormable Flaw, 0days Lead Sept. 2022 Patch Tuesday
This month’s Patch Tuesday offers a little something for everyone, including security updates for a zero-day flaw in Microsoft Windows that is under active attack, and another Windows weakness experts say could be used to power a fast-spreading computer worm. Also, Apple has also quashed a pair of zero-day bugs affecting certain macOS and iOS users, and released iOS 16, which offers a new privacy and security feature called “Lockdown Mode.” And Adobe axed 63 vulnerabilities in a range of products.
-
Security updates for Wednesday [LWN.net]
Security updates have been issued by CentOS (open-vm-tools), Debian (freecad and sqlite3), Fedora (qt5-qtwebengine and vim), SUSE (firefox, kernel, libzapojit, perl, postgresql14, and samba), and Ubuntu (dotnet6, dpdk, gdk-pixbuf, rust-regex, and systemd).
-
SparklingGoblin APT Hackers Using New Linux Variant of SideWalk Backdoor [Ed: It's malware, not a "backdoor"; unlike Windows, here one needs to actually install it]
A Linux variant of a backdoor known as SideWalk was used to target a Hong Kong university in February 2021, underscoring the cross-platform abilities of the implant.