Security Leftovers
-
Cybersecurity experts flag potential risks affecting new top-level domains
Some cybersecurity experts have expressed concerns about two new top-level domains that became generally available earlier this month. The two top-level domains were released by Google LLC on May 3 along with six others.
-
Phishing attacks already using the .zip TLD
On May 3rd, Google Registry launched eight new top-level domains (TLDs) “for dads, grads and techies”, including a .zip TLD. While these new TLDs come with benefits such as automatic inclusion on the HSTS preload list, the launch of new TLDs has always presented cyber criminals with the opportunity to register domains in bad faith.
-
Kubernetes and Sigstore founders launch new software supply chain company Stacklok [Ed: This leads towards preventing people running programs of their choice -- or worse, it might force people to use back-doored versions endorsed by a government]
Kubernetes co-founder Craig McLuckie and Sigstore founder Luke Hinds today announced the launch of a new software supply chain company called Stacklok, after the company raised $17.5 million in venture capital funding ahead of its reveal.
-
Authorities warn BianLian ransomware gang has switched to exfiltration-based extortion [Ed: It's worth noting that over 90% of ransomware targets Windows, despite Windows having a small portion of the overall market]
The U.S. Federal Bureau of Investigation, the Cybersecurity and Infrastructure Security Agency and the Australian Cyber Security Centre have issued a joint warning about a change in tactics from a well-known ransomware group from traditional ransomware encryption to exfiltration-based extortion. The group, called BianLian, is believed to have first emerged in 2021.
-
Critical Infrastructure Organizations Warned of BianLian Ransomware Attacks
CISA, FBI, and ACSC warn critical infrastructure organizations of the BianLian ransomware group’s attacks.
-
Lacroix Closes Production Sites Following Ransomware Attack
Technological equipment supplier Lacroix has closed three production sites after experiencing a ransomware attack.
-
AWS Open Sources Security Tools [Ed: AWS passes code to proprietary GitHub, to be controlled by Microsoft and the NSA (back doors boosters)]
AWS is open sourcing its Cedar policy language and authorization engine and Snapchange, an open source snapshot-based fuzzing tool.
-
Blog: Having fun with seccomp profiles on the edge [Ed: As it is outsourced to Microsoft and the NSA, scepticism is warranted about security merits]
The Security Profiles Operator (SPO) is a feature-rich operator for Kubernetes to make managing seccomp, SELinux and AppArmor profiles easier than ever. Recording those profiles from scratch is one of the key features of this operator, which usually involves the integration into large CI/CD systems. Being able to test the recording capabilities of the operator in edge cases is one of the recent development efforts of the SPO and makes it excitingly easy to play around with seccomp profiles.
Recording seccomp profiles with spoc record
The v0.8.0 release of the Security Profiles Operator shipped a new command line interface called spoc, a little helper tool for recording and replaying seccomp profiles among various other things that are out of scope of this blog post.
-
Chrome 113 Security Update Patches Critical Vulnerability
Google has released a Chrome 113 update to patch 12 vulnerabilities, including a critical use-after-free flaw.
-
Congress looks to expand CISA’s role, adding responsibilities for satellites and open source software [Ed: CISA is infiltrated by Microsoft]
Lawmakers advanced four on Wednesday that would broaden the Cybersecurity and Infrastructure Security Agency's portfolio.
-
Investors' case against SolarWinds resolved in favour of company
The Supreme Court of Delaware state ruled on Wednesday that an earlier judgment made by the Delaware Court of Chancery in its memorandum opinion of 6 September 2022 and affirmed in a final order on 13 October 2022 should stand.
-
Access to Energy Sector ICS/OT Systems Offered on Hacker Forums
Threat actors have been selling access to energy sector organizations, including ICS and other OT systems, according to a new report from Searchlight Cyber.
-
Apple Blocked 1.7 Million Applications From App Store in 2022 [Ed: Apple always authorises its own malicious software]
Apple says it rejected 1.7 million applications from being published in the App Store in 2022.