Security Leftovers
Security Advisory: Qt Network
Qt Network incorrectly parses the strict-transport-security (HSTS) header, allowing unencrypted connections to be established even when the server explicitly prohibits them. This happens when the case of the header name does not match exactly. Unencrypted connections are susceptible to man-in-the-middle attacks. Such connections could be established by using URLs with the http scheme instead of https; with HSTS, the https scheme must be used regardless.
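As an added illustration (plain C++, not Qt's code), the following compares an exact-case header lookup with the case-insensitive lookup HTTP requires and parses the HSTS directives; the Header alias, HstsPolicy struct and the sample header list are constructed for this example:

```cpp
#include <cctype>
#include <string>
#include <utility>
#include <vector>
using Header = std::pair<std::string, std::string>;  // (field-name, field-value)

// RFC 7230 makes header field names case-insensitive: every spelling must match.
static bool iequals(const std::string& a, const std::string& b) {
    if (a.size() != b.size()) return false;
    for (size_t i = 0; i < a.size(); ++i)
        if (std::tolower((unsigned char)a[i]) != std::tolower((unsigned char)b[i]))
            return false;
    return true;
}

// HSTS policy (RFC 6797): max-age in seconds (0 = no usable policy) and the
// includeSubDomains flag. Directive names are case-insensitive; unknown ones are ignored.
struct HstsPolicy { long maxAge = 0; bool includeSubDomains = false; };
HstsPolicy parseHsts(const std::string& value) {
    HstsPolicy p;
    for (size_t pos = 0; pos <= value.size();) {
        size_t end = value.find(';', pos);
        if (end == std::string::npos) end = value.size();
        std::string d = value.substr(pos, end - pos);
        size_t s = d.find_first_not_of(" \t"), e = d.find_last_not_of(" \t");
        d = (s == std::string::npos) ? "" : d.substr(s, e - s + 1);  // trim the directive
        size_t eq = d.find('=');
        if (eq != std::string::npos && iequals(d.substr(0, eq), "max-age")) {
            p.maxAge = 0;  // digits only, so "max-age=" with no number stays 0
            for (size_t i = eq + 1; i < d.size() && std::isdigit((unsigned char)d[i]); ++i)
                p.maxAge = p.maxAge * 10 + (d[i] - '0');
        } else if (iequals(d, "includeSubDomains")) {
            p.includeSubDomains = true;
        }
        pos = end + 1;
    }
    return p;
}

// Must an http:// URL for this host be upgraded to https://? caseSensitive=true
// reproduces the exact-case lookup the advisory describes; false is the corrected lookup.
bool mustUpgradeToHttps(const std::vector<Header>& hdrs, bool caseSensitive) {
    for (const auto& h : hdrs) {
        bool match = caseSensitive ? h.first == "Strict-Transport-Security"
                                   : iequals(h.first, "Strict-Transport-Security");
        if (match) return parseHsts(h.second).maxAge > 0;
    }
    return false;
}

// Constructed sample: a server that sends the header name in lower case.
static const std::vector<Header> kSampleHeaders = {
    {"content-type", "text/html"}, {"strict-transport-security", "max-age=31536000; includeSubDomains"}};
```

With the exact-case lookup the sample policy is silently dropped and a plain http URL is allowed through; the case-insensitive lookup upgrades it.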
Digital security in Indonesia remains a work in progress
Islamic bank's recent data breach shows that more needs to be done to beef up online defences.
Vulnerability Testing Using Kali Linux
Kali Linux is a popular distribution of Linux, most famously used in the field of cybersecurity. This article is about vulnerability testing using Kali Linux. We go through how to install the uniscan vulnerability scanner, and then test the vulnerabilities of a website using this tool.
Vulnerability testing is, in essence, a software-driven approach to examining a system and evaluating the risks present in its operation, so that measures can be taken to mitigate those risks and prevent them from being exploited. Now let us get started.
Security updates for Wednesday
Security updates have been issued by Debian (libssh and sofia-sip), Fedora (cups-filters, dokuwiki, qt5-qtbase, and vim), Oracle (git, python-pip, and python3-setuptools), Red Hat (git, kernel, kpatch-patch, rh-git227-git, and sudo), SUSE (openvswitch, rmt-server, and texlive), and Ubuntu (binutils, cinder, cloud-init, firefox, golang-1.13, Jhead, liblouis, ncurses, node-json-schema, node-xmldom, nova, python-glance-store, python-os-brick, and runc).
PyPI was subpoenaed
In March and April 2023, the Python Software Foundation (PSF) received three (3) subpoenas for PyPI user data. All three subpoenas were issued by the United States Department of Justice. The PSF was not provided with context on the legal circumstances surrounding these subpoenas. In total, user data related to five (5) PyPI usernames was requested.
PyPI was subpoenaed
It is, it seems, a week of Python Package Index (PyPI) news. On the PyPI blog, Director of Infrastructure at the Python Software Foundation (PSF), Ee Durbin, has posted an admirably detailed description of the organization's response to three subpoenas it received for PyPI user information in March and April. The requests for information were quite broad and the PSF did produce the requested material (to the extent possible), which involved five PyPI user accounts, under the advice of counsel.
Microsoft: Notorious FIN7 hackers return in Clop ransomware attacks [Ed: Microsoft is the security culprit and Windows is full of holes. The Microsoft sites try to paint Microsoft as security champion. That's an outrageous lie.]
“Financially motivated cybercriminal group Sangria Tempest (ELBRUS, FIN7) has come out of a long period of inactivity,” the company said in a series of tweets from the Microsoft Security Intelligence Twitter account.
NYS settles charges against PracticeFirst stemming from 2020 ransomware incident [Ed: 95% of the time ransomware means Windows]
In July 2021, Professional Business Systems, Inc. d/b/a Practicefirst Medical Management Solutions and PBS Medcode Corp., a medical management company that processes data for health care providers, issued a press release about a hacking incident that occurred in December 2020. As DataBreaches noted at the time, it appeared that they likely paid ransom because one line in their statement was, “The actor who took the copy has advised that the Information is destroyed and was not shared.”
Cuba ransomware claims cyberattack on Philadelphia Inquirer [Ed: Microsoft Windows TCO]
The Cuba ransomware gang has claimed responsibility for this month’s cyberattack on The Philadelphia Inquirer, which temporarily disrupted the newspaper’s distribution and disrupted some business operations.
The Philadelphia Inquirer is Philadelphia’s largest (by circulation) newspaper. It is the third-longest continuously operating daily newspaper in the U.S., founded in 1829, and it has won 20 Pulitzer Prizes for its journalistic excellence.
Dorchester school's IT system struck by cyber attack [Ed: Microsoft Windows TCO]
A Dorchester school’s been hit by a cyber attack, with hackers demanding a ransom.
The Thomas Hardye School’s IT systems and website went down on Sunday night (21st May) with the problem discovered before lessons started on Monday morning.
Apria Healthcare notifies 1.2 million patients of hacking incidents in 2019 and 2021
HIPAA requires that covered entities notify HHS and affected patients of a reportable breach within 60 calendar days of discovery of a breach. Exceptions are made if law enforcement asks an entity to delay notification so as not to interfere with an investigation, but such requests are infrequent.