Security Leftovers
-
Brendan Gregg: eBPF Observability Tools Are Not Security Tools
eBPF has many uses in improving computer security, but just taking eBPF observability tools as-is and using them for security monitoring would be like driving your car into the ocean and expecting it to float. Observability tools are designed to have the lowest overhead possible so that they are safe to run in production while analyzing an active performance issue. Keeping overhead low can require tradeoffs in other areas: tcpdump(8), for example, will drop packets if the system is overloaded, resulting in incomplete visibility. This creates an obvious security risk for tcpdump(8)-based security monitoring: An attacker could overwhelm the system with mostly innocent packets, hoping that a few malicious packets get dropped and are left undetected. Long ago I encountered systems which met strict security auditing requirements with the following behavior: If the kernel could not log an event, it would immediately **halt**! While this was vulnerable to DoS attacks, it met the system's security auditing non-repudiation requirements, and logs were 100% complete.
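The two failure modes described above, as an added example that is not part of Brendan Gregg's post or of any of the tools he names: a toy bounded-buffer monitor that drops packets when its consumer falls behind (the tcpdump-style tradeoff), the same monitor rewritten to halt rather than lose an event (the audit-style tradeoff), a flood of benign traffic with one malicious packet buried in it, and a parser for the three counter lines tcpdump prints to stderr on exit. The monitor classes, the `flood_attack` traffic and the stderr sample are all constructed for this illustration; the only real interface is the wording of tcpdump's exit summary.

```python
"""Lossy observability vs. fail-closed auditing (constructed model, not tcpdump's code)."""
import re
from collections import deque

# tcpdump prints this three-line summary to stderr when it exits. The text
# below is a constructed sample in that real format, not a captured run.
SAMPLE_TCPDUMP_STDERR = (
    "tcpdump: listening on eth0, link-type EN10MB (Ethernet), snapshot length 262144 bytes\n"
    "1203 packets captured\n"
    "1500 packets received by filter\n"
    "297 packets dropped by kernel\n"
)

# Newer tcpdump versions singularise "packet" for a count of 1, hence "packets?".
TCPDUMP_STATS_RE = re.compile(
    r"(?P<captured>\d+) packets? captured\n"
    r"(?P<received>\d+) packets? received by filter\n"
    r"(?P<dropped>\d+) packets? dropped by kernel"
)


def parse_tcpdump_stats(stderr_text):
    """Return (captured, received_by_filter, dropped_by_kernel) from tcpdump's exit summary."""
    m = TCPDUMP_STATS_RE.search(stderr_text)
    if m is None:
        raise ValueError("no tcpdump exit summary found in stderr")
    return tuple(int(m.group(k)) for k in ("captured", "received", "dropped"))


def capture_is_complete(stderr_text):
    """A capture is only evidence of absence if the kernel dropped nothing."""
    return parse_tcpdump_stats(stderr_text)[2] == 0


class LossyMonitor:
    """Observability-style sensor: a bounded ring buffer. When the analyzer
    falls behind, arriving packets are discarded and only a counter records
    it, which is what 'packets dropped by kernel' reports."""

    def __init__(self, capacity, drain_per_tick):
        self.capacity = capacity
        self.drain = drain_per_tick
        self.pending = deque()   # packets buffered but not yet analyzed
        self.seen = []           # packets that reached the analyzer
        self.dropped = 0

    def _drain(self):
        for _ in range(min(self.drain, len(self.pending))):
            self.seen.append(self.pending.popleft())

    def tick(self, burst):
        for pkt in burst:
            if len(self.pending) >= self.capacity:
                self.dropped += 1   # ring full: this packet is lost for good
            else:
                self.pending.append(pkt)
        self._drain()


class AuditHalt(Exception):
    """Raised when an event cannot be recorded; models the halting kernel."""


class FailClosedMonitor(LossyMonitor):
    """Audit-style sensor: refuses to lose an event. Vulnerable to DoS, but the
    record is complete up to the instant it halts."""

    def tick(self, burst):
        for pkt in burst:
            if len(self.pending) >= self.capacity:
                raise AuditHalt(f"cannot record {pkt!r}; halting")
            self.pending.append(pkt)
        self._drain()


def flood_attack(monitor, n_noise=20, malicious="EXPLOIT"):
    """Constructed traffic: n_noise benign packets in one burst with the
    malicious packet at the end. Returns True if the analyzer saw it."""
    burst = [f"noise-{i}" for i in range(n_noise)] + [malicious]
    monitor.tick(burst)
    while monitor.pending:       # let the analyzer catch up on what was kept
        monitor.tick([])
    return malicious in monitor.seen


def flood_halts(monitor, **kwargs):
    """True if the monitor halted rather than silently dropping the packet."""
    try:
        flood_attack(monitor, **kwargs)
    except AuditHalt:
        return True
    return False


if __name__ == "__main__":
    lossy = LossyMonitor(capacity=8, drain_per_tick=4)
    print("lossy monitor saw EXPLOIT:", flood_attack(lossy), "dropped:", lossy.dropped)
    print("fail-closed monitor halted:", flood_halts(FailClosedMonitor(8, 4)))
    print("sample capture complete:", capture_is_complete(SAMPLE_TCPDUMP_STDERR))
```

The practical takeaway is the last check: if tcpdump is ever used as a detection source, its exit counters (or the equivalent statistics from the capture library) must be collected and treated as an alert condition when `dropped by kernel` is non-zero, because a clean capture with drops proves nothing about what was dropped.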
-
Devuan Users Are at Risk, Take Action to Protect Your System
A newly discovered security issue in Devuan's default installation allows for obtaining root privileges without a password.
-
Google Blocked 1.4 Million Bad Apps From Google Play in 2022
Google says it prevented 1.4 million bad applications from being published on Google Play in 2022 and banned 173k developer accounts.
-
Cisco Working on Patch for Vulnerability Reported by NATO Pentester
Cisco is working on a patch for an XSS vulnerability found in Prime Collaboration Deployment by a pentester from NATO’s Cyber Security Centre (NCSC).
-
Overcoming the Cyber Security FUD Problem: Addressing Fear, Uncertainty, and Doubt
Cybersecurity is a critical issue in today’s digital landscape. From personal information theft to cyberattacks on critical infrastructure, the risks associated with online activities are numerous and ever-present. To address these risks, cybersecurity professionals often use fear, uncertainty, and doubt (FUD) to promote their services and products.
-
Critical Vulnerability in Zyxel Firewalls Leads to Command Execution
A critical-severity vulnerability in Zyxel’s ATP, USG FLEX, VPN, and ZyWALL/USG firewalls can be exploited remotely for OS command execution.
-
RTM Locker Ransomware Variant Targeting ESXi Servers
A newly identified variant of the RTM Locker ransomware is targeting Linux, NAS, and ESXi hosts.
-
FDA, CISA: Illumina Medical Devices Vulnerable to Remote Hacking
FDA and CISA have notified healthcare providers that a component used in several Illumina medical devices is affected by serious vulnerabilities that could allow remote hacking.
-
Top Secret: One year on, CERT-In refuses to reveal information about compliance notices issued under its 2022 Directions on cybersecurity
To mark the first anniversary of the notification of the 2022 CERT-In Directions, we filed two Right to Information (“RTI”) applications with the Department of Electronics and Information Technology, seeking details on the issuance of compliance notices under this new regulatory mandate.
-
South Africa in top five countries affected by cybercrime in 2022
South Africa ranked number five globally in a list of countries worst affected by cybercrime in 2022, according to a new report, with 56 000 out of every million internet users being a victim.