Security Issues and Proprietary Software
-
Episode 344 - Python tarfile – 2022 is nothing like 2007 – Open Source Security
Josh and Kurt talk about a newly rediscovered old python vulnerability. It raises a lot of questions about what was OK in 2007 vs whatâs OK in 2022. The issue is very complicated and has a wild story surrounding it. There is no reason to not fix this in 2022.
-
iTWire - Data from old attack on Optus parent Singtel surfaces on Web forum
Data stolen from Singapore's multinational telecommunications conglomerate Singtel on 20 January last year, during an attack through a file-sharing system from Accellion that was close to end-of-life at the time, has surfaced on a forum on the clear Web. Singtel owns the Australian telco Optus which recently suffered a massive data breach.
The Singtel data was posted on 7 October and may have been put up now in order to capitalise on the news around Optus which announced on 22 September it had been breached.
Asked about the data, a Singtel spokesman told iTWire: "[This] refers to data stolen during the 2021 zero-day attack on Accellionâs (now known as Kiteworks) file-sharing application, which affected many companies worldwide including Singtel."
The individual who posted the Singtel data claims that there is a total of 74.7GB of data. Some of the files released to satisfy likely buyers as to their authenticity appear to be genuine.
-
Meta finds 400 mobile apps out to steal Facebook login info
About 40% of the apps were disguised as photo editing tools. The others fell into a range of categories including gaming, lifestyle, business utility and virtual private networks.
-
Education Ministry puts record keeping software on hold due to cybersecurity concerns
The Education Ministry paused the roll out of Te Rito, a system that would help early childhood centres, schools and the ministry share and store information about students, in the middle of last year.
The ministry said it reviewed schools' systems for storing student information after major cyber security breaches in New Zealand in June last year.