Security and Proprietary Leftovers

posted by Roy Schestowitz on Mar 16, 2023,
updated Mar 16, 2023

• Microsoft March 2023 Patch Tuesday, (Tue, Mar 14th) [Ed: The latest bug doors are ready to install]

  This month we got patches for 76 vulnerabilities. Of these, 9 are critical and 2 are already being exploited, according to Microsoft.

• Microsoft releases 80 patches, including two for exploited zero-days

  Microsoft has warned users of two zero-day vulnerabilities that have been exploited as it issued a total of 80 patches on its monthly Patch Tuesday.

  Four of these vulnerabilities were assigned by GitHub, the security firm Tenable pointed out.

  Tenable's senior staff research engineer Satnam Narang said of the remaining 76 fixes, nine were rated critical, 66 rated important and one was rated moderate.

• Critical Microsoft Outlook/365 bug CVE-2023-23397 under attack

• Latvian government agrees cyber-security strategy until 2026

  March 14, saw the Latvian government approved the draft "Latvian cyber security strategy 2023-2026" developed by the Ministry of Defense, which defines the main directions of action of national cyber security policy and identifies future challenges.

• Fintech startup Stripe integrating OpenAI's new GPT-4 AI

  OpenAI will also use Stripe's payment processing engine to charge its users, including for its ChatGPT Plus subscription, as well as to buy credits for the DALL-E image-generation product, according to Stripe.

• ‘Nobody is Safe’: In Wild Hacking Spree, [Crackers] Accessed Federal Law Enforcement Database

  Ceraolo previously provided Motherboard with details on the underground SIM swapping community, where hackers hijack phone numbers to steal victims’ cryptocurrency or their valuable social media handles. One 2020 article focused on how SIM swappers phished telecom company employees to access internal tools; another showed that SIM swappers had escalated from bribing employees to using remote desktop software to gain direct access to T-Mobile, AT&T, and Sprint tools.

• Rapid7 Buys Anti-Ransomware Firm Minerva Labs for $38 Million

  The Boston-based Rapid7 said it spent $38 million in cash [sic] and stock to snap up Minerva Labs, an early-stage startup that raised $7.5 million venture capital funding.

• Learning from Silicon Valley Bank's apologists

  Here's a terrible reason to support the SVB bailout: because if we let all the tech companies who did business with it fail, you might not be able to get into your house anymore after your smart-lock fails because the cloud service it depends on cuts off the startup that made it because their bank account went up in a puff of smoke:

  https://www.wired.com/story/silicon-valley-bank-collapse-fallout/

  Look, if you think the fact that my Internet of Shit door-lock failed because the company that designed it made no plan to let me into my house if they went out of business would make me sympathetic to that company, you are out of your fucking mind. If that happened to me, it would make me want to tear the lock out of my door, hunt down the CEO of the company that made it, set the lock on fire, and throw it through their front window.