Security Leftovers

posted by Roy Schestowitz on May 07, 2023

• Uber’s former security chief was spared a jail sentence for trying to hide a 2016 hack

  Uber’s former chief security chief has avoided jail time in a case linked to the coverup of a 2016 hack. The judge found his previous work in data security outweighed the harm he did by hiding the data breach.
  

• Pro-Russian Hackers Claim Downing of French Senate Website

  The French Senate's website was offline on Friday after pro-Russian hackers claimed to have taken it down, in just the latest such cyberattack since Russia invaded Ukraine last year.

• New Android Trojans Infected Many Devices in Asia via Google Play, Phishing

  The recently identified Fleckpe Android trojan has infected over 600,000 users in Southeast Asia via Google Play.

• Reproducible Builds (diffoscope): diffoscope 242 released

  The diffoscope maintainers are pleased to announce the release of diffoscope version 242. This version includes the following changes: [...]

• Exploratory Data Analysis with CISSM Cyber Attacks Database - Part 1, (Sat, May 6th)

• Guildma is now abusing colorcpl.exe LOLBIN, (Fri, May 5th) [Ed: Microsoft Windows TCO]

  While analyzing a Guildma (AKA Astaroth) sample recently uploaded to MalwareBazaar, we came across a chain of LOLBIN abuse.

• Fortinet Patches High-Severity Vulnerabilities in FortiADC, FortiOS

  Fortinet has released patches for two high-severity vulnerabilities impacting FortiADC, FortiOS, and FortiProxy.

• Critical Siemens RTU Vulnerability Could Allow Hackers to Destabilize Power Grid

  Siemens recently patched a critical vulnerability affecting some of its energy ICS devices that could allow hackers to destabilize a power grid.

• Why CISOs should support renewal of FISA's section 702

  Because it's a good new cybersecurity tool

• Bullied by Bugcrowd over Kape CyberGhost disclosure

  TL;DR The CyberGhost VPN client suffers from an elevation of privilege vulnerability and is filed under CVE-2023-30237. 

• Western Digital to Bring Services Back Online Soon After Security Breach

• Microsoft Patches Serious Azure Cloud Security Flaws

  Microsoft has patched three vulnerabilities in its Azure cloud platform that could have allowed attackers to access sensitive info on a targeted service, deny access to the server, or scan the internal network to mount further attacks, researchers have found.

  Researchers from the Ermetic Research Team discovered the flaws in the Azure API Management Service, which allows organizations to create, manage, secure, and monitor APIs across all of their environments, they revealed in a blog post published May 4.

  The flaws — all rated high-risk — include two Server-Side Request Forgery (SSRF) vulnerabilities and a file upload path traversal on an internal Azure workload.

• AI companies spamming abuse email addresses

  This is another example of how AI companies externalise their costs. If you didn’t take economics at uni, these sites explain the concept:

  Britannica
  International Monetary Fund
  Wikipedia

  For now, I have to live with it. I’m not going to put a blanket ban on security notices coming from domains ending in ai, because that would still be irresponsible. But they’ll have to start proving their worth pretty soon.

• 10 Best Linux Vulnerability Scanners to Scan Linux Servers – 2023

  Are you searching for Linux Vulnerability scanners that can recognize, characterize, and categorize to Scan Linux Servers, etc?

  Regarding the security holes, this article can provide a solution to get the details about the most comprehensive Linux Vulnerability Scannerto scan Linux servers for malware and vulnerabilities.

• Android Security Update Patches Kernel Vulnerability Exploited by Spyware Vendor

  Google’s latest Android security updates patch over 40 vulnerabilities, including CVE-2023-0266, a kernel flaw exploited as a zero-day by a spyware vendor.