Security Leftovers
-
Security updates for Monday [LWN.net]
Security updates have been issued by Debian (connman and e17), Fedora (curl, open-vm-tools, pcs, and python-lxml), Mageia (curl, dpkg, freecad, gimp, libtar, libtiff, mediawiki, ostree, python-lxml, schroot, SDL12, sdl2, wireshark, and zlib), Oracle (kernel and php:7.4), Red Hat (php:7.4), Slackware (vim), SUSE (chromium, kernel, libarchive, libtirpc, mupdf, python-rsa, ruby2.5, and virtualbox), and Ubuntu (linux-intel-iotg).
-
Holiday Inn Parent Company Hacked Through Weak Password
If you’ve wondered why having a strong password is necessary, this recent trouble is the reason. Intercontinental Hotels Group, the parent company of the Holiday Inn and other hotel chains, was hacked, and a Vietnamese couple is claiming responsibility for deleting the chain’s data, saying they did it through a week password.
[...]
A Vietnamese couple came forward and admitted to the BBC that they were behind the ICG cyberattack, yet deleting a large amount of data wasn’t the original plan. Initially, the plan was to launch a ransomware attack after they gained access to the company’s databases through a very weak password: “Qwerty1234.”
The couple, going by the name of TeaPea, reached the BBC through Telegram and supplied screenshots, which IHG confirmed were authentic, that showed them gaining access to ICG’s Outlook emails, Microsoft Teams chats, and server directories.
-
NSA Security Best Practices for Kubernetes [Ed: But NSA is anti-security and pro-back doors (which it hilariously redefines as "security"]