Security Leftovers

posted by Roy Schestowitz on May 23, 2023

• Qubes Canary 035

  We have published Qubes Canary 035. The text of this canary and its accompanying cryptographic signatures are reproduced below. For an explanation of this announcement and instructions for authenticating this canary, please see the end of this announcement.

  [...]

  You can also verify the signatures directly from this announcement in addition to or instead of verifying the files from the qubes-secpack. Simply copy and paste the Qubes Canary 035 text into a plain text file and do the same for both signature files. Then, perform the same authentication steps as listed above, substituting the filenames above with the names of the files you just created.

• Interview With a Crypto Scam Investment Spammer

  Social networks are constantly battling inauthentic bot accounts that send direct messages to users promoting scam cryptocurrency investment platforms. What follows is an interview with a Russian hacker responsible for a series of aggressive crypto spam campaigns that recently prompted several large Mastodon communities to temporarily halt new registrations. According to the hacker, their spam software has been in private use until the last few weeks, when it was released as open source code.

• GAO Tells Federal Agencies to Fully Implement Key Cloud Security Practices [Ed: Clown security is a mistake and anathema to real security]

  GAO report underlines the need for federal agencies to fully implement key cloud security practices.

• Food Distributor Sysco Says Cyberattack Exposed 126,000 Individuals

  Food distributor Sysco Corporation says the personal information of over 126,000 individuals was compromised in a recent cyberattack.

• Dish Ransomware Attack Impacted Nearly 300,000 People

  Satellite TV giant Dish Network says the recent ransomware attack impacted nearly 300,000 people and its notification suggests a ransom has been paid.

• Windows 11 is so broken that even Microsoft can’t fix it

  Microsoft has just made a pretty remarkable admission, essentially conceding that it doesn’t have a solution for some Windows 11 problems.

• Samsung Smartphone Users Warned of Actively Exploited Vulnerability

  Samsung smartphone users warned about CVE-2023-21492, an ASLR bypass vulnerability exploited in the wild, likely by a spyware vendor.

• Probes for recent ABUS Security Camera Vulnerability: Attackers keep an eye on everything., (Mon, May 22nd)

  ABUS is usually better known for its "old-fashioned" mechanical locks. But as part of its b "Industry Solution" portfolio of products, ABUS is offering some more high-tech solutions, like, for example, network-connected cameras.

• Introducing Four-Step Authentication

  Two-step authentication is just too much of a security risk.

• Security advisory: Qt SVG

  A recent buffer overflow issue in Qt SVG has been reported and has been assigned the CVE id CVE-2023-32763.