Security Leftovers
-
Urgent OpenSSL Security Advisory: High-Severity Address Type Confusion Vuln Fixed
On February 7, 2023 OpenSSL released a security advisory regarding several security vulnerabilities that were recently discovered and fixed, including a high-severity address type confusion bug that could be exploited by attackers to read memory contents or enact a denial of service (DoS).
OpenSSL is a software library for applications that contains an open-source implementation of the SSL and TLS protocols and provides secure communications over computer networks. It is widely used by Internet servers, including the majority of HTTPS websites, making it critical that users are aware of the recent OpenSSL flaws that have been discovered, how to determine if they are at risk, and how to protect against them. That’s why we’re providing you with the information you need to know to understand and defend against the OpenSSL vulnerabilities discovered this week.
-
Reproducible Builds (diffoscope): diffoscope 235 released
The diffoscope maintainers are pleased to announce the release of diffoscope version 235. This version includes the following changes:
[ Akihiro Suda ]
* Update .gitlab-ci.yml to push versioned tags to the container registry. (Closes: reproducible-builds/diffoscope!119)
[ Chris Lamb ]
* Fix compatibility with PyPDF2. (Closes: reproducible-builds/diffoscope#331)
* Fix compatibility with ImageMagick 7.1. (Closes: reproducible-builds/diffoscope#330)
[ Daniel Kahn Gillmor ]
* Update from PyPDF2 to pypdf. (Closes: #1029741, #1029742)
[ FC Stegerman ]
* Add support for Android resources.arsc files. (Closes: reproducible-builds/diffoscope!116)
* Add support for dexdump. (Closes: reproducible-builds/diffoscope#134)
* Improve DexFile's FILE_TYPE_RE and add FILE_TYPE_HEADER_PREFIX, and remove "Dalvik dex file" from ApkFile's FILE_TYPE_RE as well.
[ Efraim Flashner ]
* Update external tool for isoinfo on guix. (Closes: reproducible-builds/diffoscope!124)
-
Deserialized web security roundup: KeePass dismisses ‘vulnerability’ report, OpenSSL gets patched, and Reddit admits phishing hack
Your fortnightly rundown of AppSec vulnerabilities, new hacking techniques, and other cybersecurity news
-
MTU being blackmailed and held to ransom, court hears [Ed: Microsoft Windows TCO]
Munster Technological University is being blackmailed and held to ransom by a group of hackers believed to be based either in Russia or part of the former Soviet Union, the High Court has heard.
The cyber attack on MTU's IT system, which was detected in recent days, is believed to have been carried out by individuals in a ransomware group known as ALPHV aka BlackCat or Noberus, the court heard.
-
Personal information exposed during breach in Edmonds School District's network
The Edmonds School District said a "data event" is to blame for the technical problems that left the Edmonds schools without internet for nearly two weeks.
On Friday, Edmonds said an investigation by third-party forensic specialists into the data event found that an "unauthorized actor" was able to get into the school's network and view personal information between Jan. 16 and Jan. 31.
-
Medical records for 4,000 Garrison Women's Health patients lost: Here's what we know
Medical records of Garrison Women’s Health patients were recently "subject to unauthorized third-party activity," according to information released Friday evening by Wentworth-Douglass Hospital.
For 4,158 patients, data such as appointment records and some personal health information cannot be restored, according to Adam Bagni, spokesperson for the hospital. The hospital states "there is no evidence" the information was viewed or taken, citing a forensic investigation by Global Network Systems, which hosted the records on its servers as the practice's technology service provider.
-
Cybersecurity Incident Shuts Down Biglaw Network
On the plus side, the cybersecurity incident at Troutman Pepper does not appear to have compromised any client data. So, in a sense, the system worked.
But as a damage recovery matter, leaving attorneys using personal email accounts and locally saved documents for over a day highlights that for all the talk about protecting data, the unheralded impact of a cyber breach tends to be leaving the firm technologically adrift for extended stretches while tech professionals perform clean up.
-
Reddit was hacked in a phishing attack targeting its employees
A Reddit employee's credentials were stolen in a targeted phishing attack, an administrator for the website has revealed, and hackers were able to infiltrate its systems on February 5th.
-
Iran celebrates 44th anniversary of Islamic revolution as TV coverage hacked
The Islamic Republic marked the 44th anniversary of the Iranian revolution on Saturday with state-organised rallies, as anti-government hackers briefly interrupted a televised speech by President Ebrahim Raisi.
-
Hackers Interrupt Raisi Speech As He Claims Iranian Protesters Have Been Defeated
In a defiant message on the anniversary of the 1979 Islamic Revolution, Iranian President Ebrahim Raisi said nationwide anti-government protests have been defeated.