Security Leftovers
-
Security updates for Monday [LWN.net]
Security updates have been issued by Debian (ffmpeg, libxml2, python-django, python-scciclient, and xen), Fedora (ghc-cmark-gfm, java-latest-openjdk, and vim), Mageia (expat, ntfs-3g, and wkhtmltopdf), Oracle (kernel), Slackware (sudo), and SUSE (expat, libxml2, rubygem-loofah, and xmlbeans).
-
Experts Find URLScan Security Scanner Inadvertently Leaks Sensitive URLs and Data
Security researchers are warning of "a trove of sensitive information" leaking through urlscan.io, a website scanner for suspicious and malicious URLs.
"Sensitive URLs to shared documents, password reset pages, team invites, payment invoices and more are publicly listed and searchable," Positive Security co-founder, Fabian Bräunlein, said in a report published on November 2, 2022.
-
Robin Banks Phishing Service for Cybercriminals Returns with Russian Server
A phishing-as-a-service (PhaaS) platform known as Robin Banks has relocated its attack infrastructure to DDoS-Guard, a Russian provider of bulletproof hosting services.
The switch comes after "Cloudflare disassociated Robin Banks phishing infrastructure from its services, causing a multi-day disruption to operations," according to a report from cybersecurity company IronNet.
-
The Conviction of Uber’s Chief Security Officer - Schneier on Security
I have been meaning to write about Joe Sullivan, Uber’s former Chief Security Officer. He was convicted of crimes related to covering up a cyberattack against Uber. It’s a complicated case, and I’m not convinced that he deserved a guilty ruling or that it’s a good thing for the industry.
-
Former Uber Security Chief Found Guilty of Hiding Hack From Authorities
A jury found Joe Sullivan, who led security at the ride-hailing company, guilty on two different counts. The case could change how security professionals handle data breaches.