Security Leftovers
-
Why do I need to secure my Linux hosts?
Linux is an open-source operating system that powers millions of devices, from smartphones and laptops to web servers and data centers.
-
The Center for Internet Security critical controls
The Center for Internet Security (CIS) is a non-profit organization that focuses on enhancing the cybersecurity posture of public and private organizations
-
From Phishing Kit To Telegram... or Not, (Mon, Mar 20th)
Phishing kits are not new, they are plenty in the wild, and my honeypot collects many samples daily. Usually, a phishing kit will collect credentials and send them to a compromised server (WordPress is generally an excellent target to host this kind of malicious code).
-
Latitude Financial says personal data of 330,000 stolen in breach
Also stolen were Medicare card and passport details, though this was 1% and 4% respectively of the total data theft, Latitude said.
The breach is now being investigated by the Australian Federal Police.
-
Dish Network updates on ransomware attack
Dish Network stated it reinstated the ability of customers of its Boost Mobile brand to access account information as it provided an update on its bid to recover from a cyberattack in February.
The operator last week explained Boost Mobile subscribers can pay their bills online, at stores and through apps.
Dish Network remains tight-lipped on the details of the attack:
Brett Callow, a threat analyst at anti-virus software company Emsisoft, told Mobile World Live (MWL) a lack of detail from Dish Network about the attack makes it hard to interpret what happened.
-
IcedID’s VNC Backdoors: Dark Cat, Anubis & Keyhole
In this post we introduce Dark Cat, Anubis and Keyhole, three IcedID VNC backdoor variants NVISO observed. We'll follow by exposing common TTPs before revealing information leaked through the attackers' clipboard data.
-
Millions Stolen in Hack at Cryptocurrency ATM Manufacturer General Bytes
Cryptocurrency ATM maker General Bytes discloses a security incident resulting in the theft of millions of dollars’ worth of crypto-coins.
-
Why You Should Opt Out of Sharing Data With Your Mobile Provider
A new breach involving data from nine million AT&T customers is a fresh reminder that your mobile provider likely collects and shares a great deal of information about where you go and what you do with your mobile device -- unless and until you affirmatively opt out of this data collection. Here's a primer on why you might want to do that, and how. Certain questions might be coming to mind right now, like "What the heck is CPNI?" And, "If it's so 'customer proprietary,' why is AT&T sharing it with marketers?" Also maybe, "What can I do about it?" Read on for answers to all three questions.
-
Hitachi Energy Blames Data Breach on Zero-Day as Ransomware Gang Threatens Firm
Hitachi Energy has blamed a data breach affecting employees on the recent exploitation of a zero-day vulnerability in Fortra’s GoAnywhere solution.
-
NBA Notifying Individuals of Data Breach at Mailing Services Provider
NBA is notifying individuals that their information was stolen in a data breach at a third-party mailing services provider.
-
Adobe Acrobat Sign Abused to Distribute Malware
Cybercriminals are abusing the Adobe Acrobat Sign service in a campaign distributing the RedLine information stealer malware.
-
New York Man Arrested for Running BreachForums Cybercrime Website
Conor Brian Fitzpatrick of New York was arrested and charged last week for allegedly running the popular cybercrime forum BreachForums.
-
After Data Breaches, Lawsuits Hit Two Arkansas Hospitals | Arkansas Business News | ArkansasBusiness.com
After dealing with the financial effects of COVID-19, hospitals are facing a new threat: lawsuits following cyberattacks.
Since January, four lawsuits have been filed against both Howard Memorial Hospital of Nashville and against the Mena Hospital Commission, which operates as the Mena Regional Health System. The lawsuits allege the hospitals were negligent in failing to prevent hackers from stealing tens of thousands of patient records and their financial information.
-
Security updates for Monday [LWN.net]
Security updates have been issued by Debian (firefox-esr, imagemagick, sox, thunderbird, and xapian-core), Fedora (chromium, containernetworking-plugins, guile-gnutls, mingw-python-OWSLib, pack, pypy3.7, sudo, thunderbird, tigervnc, and vim), Mageia (apache, epiphany, heimdal, jasper, libde265, libtpms, liferea, mysql-connector-c++, perl-HTML-StripScripts, protobuf, ruby-git, sqlite3, woodstox-core, and xfig), Oracle (kernel), Red Hat (firefox, nss, and openssl), SUSE (apache2, docker, drbd, kernel, and oracleasm), and Ubuntu (curl, python2.7, python3.10, python3.5, python3.6, python3.8, and vim).
-
High-Impact DoS, Arbitrary Code Execution, Spoofing Bugs Fixed in Thunderbird 102.9.0
Multiple high-impact security issues have been discovered in Thunderbird, which could result in denial of service (DoS) attacks leading to server crashes and loss of access, the execution of arbitrary code, or spoofing attacks. These findings include a vulnerability involving the incorrect code generation during JIT compilation (CVE-2023-25751), and high-severity memory safety bugs present in Thunderbird 102.8 (CVE-2023-28176).
-
Cybercriminals capitalize on Silicon Valley Bank's demise
The collapse of Silicon Valley Bank (SVB), once the go-to financial institution for early-stage technology businesses and startups, is being exploited by cybercriminals. In this blog post, we discuss some of the tactics and techniques Netcraft has already detected criminals using to exploit SVB’s collapse – either directly or indirectly – as a lure.
As the flurry of COVID-themed attacks proved, cybercriminals waste no time in exploiting the attention such stories generate. Criminals often exploit current news stories, or specific times of year (like tax reporting) to make their scam seem more relevant to victims.
-
The end of PfP: Pain-free Passwords
Seven years ago I created a password manager. And a few days ago I pushed out the last release for it, notifying users that nothing else will come now. Yes, with the previous release being from 2019, this might have been obvious. Now it’s official however, PfP: Pain-free Passwords is no longer being developed.
-
Asian attack group deploys new forms of malware to target companies
A previously little-documented attack group based in Southeast Asia has been actively targeting companies worldwide to steal data using new forms of malware.
-
Meta executive working in Greece was hacked by ‘Predator’ spyware
A dual U.S.-Greek national working for Meta Platforms Inc. was surveilled by surveillance-for-hire software for around one year, it was reported today. At the time, Artemis Seaford was in Greece working as a trust and safety manager on Meta’s security policy team.
-
NBA notifies fans of data breach at third-party newsletter provider
The National Basketball Association is the latest organization to suffer a data breach, with fan data stolen following the hack of a third-party newsletter service provider.
-
Chinese-linked hackers deployed the most zero-day vulnerabilities in 2022, researchers say
The overall number of zero-day vulnerabilities discovered in the wild last year declined compared to numbers in 2021.