Security Leftovers

posted by Roy Schestowitz on Nov 23, 2022

• Open source and cybersecurity: from prevention to recovery

  So you have just installed the latest antivirus and turned on your shiny new firewall. Now your organisation is fully secure, right?

  The reality is that all the security products in the world will never be able to fully protect your data centre or your business from security threats. Because of the asymmetry between attackers and enterprises, cybersecurity is a problem that can never be solved and is never going away. The key is to realise that the journey towards a healthy infrastructure is one that has a beginning but not an end.

  So what does a good cybersecurity strategy look like? While Canonical is not a cybersecurity vendor, we make sure countless organisations around the world are safe from potential attackers. As the first link in the software supply chain, we play a critical role here.

• CISA Releases Eight Industrial Control Systems Advisories | CISA

  CISA has released eight (8) Industrial Control Systems (ICS) advisories on 22 November 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

• AVEVA Edge [Ed: 9.8 out of 10 in severity. Microsoft TCO: "Windows UNC Share".]

  Successful exploitation of these vulnerabilities could allow an attacker to insert malicious DLL files and trick the application into executing code.

• Project Zero: Mind the Gap

  In June 2022, Project Zero researcher Maddie Stone gave a talk at FirstCon22 titled 0-day In-the-Wild Exploitation in 2022…so far. A key takeaway was that approximately 50% of the observed 0-days in the first half of 2022 were variants of previously patched vulnerabilities. This finding is consistent with our understanding of attacker behavior: attackers will take the path of least resistance, and as long as vendors don't consistently perform thorough root-cause analysis when fixing security vulnerabilities, it will continue to be worth investing time in trying to revive known vulnerabilities before looking for novel ones.

• Apple Device Analytics Contain Identifying iCloud User Data, Claim Security Researchers - MacRumors

  On Twitter, security researchers Tommy Mysk and Talal Haj Bakry have found that Apple’s device analytics data includes an iCloud account and can be linked directly to a specific user, including their name, date of birth, email, and associated information stored on iCloud.

• Apple’s Device Analytics Can Identify iCloud Users - Schneier on Security

  Apple was just sued for tracking iOS users without their consent, even when they explicitly opt out of tracking.