Security Leftovers

posted by Roy Schestowitz on May 28, 2023

• New Ransomware Group Uses Repurposed LockBit, Babuk Variants | Decipher

  Researchers with Symantec said the threat actor behind the campaign, Blacktail, hasn’t been linked to any existing cybercrime group.

• Industrial Giant ABB Confirms Ransomware Attack, Data Theft

  Industrial giant ABB has confirmed that it has been targeted in a ransomware attack, with the cybercriminals stealing some data.

• Australia-US compact to help keep up with the bad guys

  A recently signed pact with the United States is expected to deliver benefits beyond clean energy or new mines by also boosting national security. Company bosses and policymakers are still coming to grips with what the deal signed last weekend will mean.

• High-Severity ntfs-3g Buffer Overflow Vulns Fixed

  Several buffer overflow vulnerabilities have been identified in ntfs-3g. With a low attack complexity and a high confidentiality, integrity and availability impact, these vulnerabilities have received a National Vulnerability Database (NVD) severity rating of ''High''.

• Linux Kodachi: Celebrating Four Years of Recognition in Techradar's Privacy and Security Category

  Linux Kodachi, the brainchild of Warith Al Maawali, has once again secured the top spot in Techradar magazine's Privacy and Security category for the fourth consecutive year from 2020 to 2023. This significant achievement underscores the unwavering commitment to advancing cybersecurity that Linux Kodachi embodies.

  Since its inception in 2013, Linux Kodachi has been steadfast in its mission to provide a secure operating system that prioritizes user privacy. As digital threats become increasingly prevalent, Linux Kodachi continues to serve as a safe haven in the digital landscape.

  The secret to Linux Kodachi's success lies in its harmonious integration of features. The built-in VPN/Tor functions as a robust shield against digital threats. Simultaneously, the DNS control maintains system stability, and the user-friendly interface simplifies navigation. This blend of features has facilitated a smooth transition to Linux for numerous users worldwide.

• Bcrypt at 25: A Retrospective on Password Security

  As one of the creators of bcrypt back in 1997, I find it somewhat surprising that, 25 years later, we still rely heavily on passwords. My initial encounter with password security took place in 1993 at the University of Hamburg. Having just discovered Unix, I was fascinated by a service called Yellow Pages that allowed anyone to dump encrypted password databases. When I reached out to my friends at other universities, requesting their password dumps to run crack on them, some of the system administrators were quite displeased with me. They found themselves victims of weak system security and an insecure password hashing algorithm. While I can't claim that this directly inspired my future work, it's clear that bcrypt ultimately helped to rectify some of the wrongs committed during my innocent youth.

• Provos: Bcrypt at 25

  Niels Provos reflects on 25 years of experience with Bcrypt and ponders the future of password security in a ;login article.

• Attorney General James Secures $300,000 from Online Sporting Goods Retailers for Failing to Protect Consumers’ Personal Information

  New York Attorney General Letitia James secured $300,000 from Sports Warehouse Inc. (Sports Warehouse), an online sporting goods retailer for failing to protect 2.5 million consumers’ personal data. Sports Warehouse, which owns the online sporting goods websites Tennis Warehouse, Running Warehouse, Skate Warehouse, and Tackle Warehouse, had poor data security that left it vulnerable to a data breach in 2021 which compromised consumers’ private information, including credit card information and email addresses for more than 136,000 New Yorkers. As a result of this agreement, Sports Warehouse must pay $300,000 in penalties to the state and strengthen their cybersecurity measures to protect consumers’ private information.