Security and FUD Leftovers
-
OSI calls for revision of disclosure rules in CRA
OSI is a co-signatory of an open letter sent this week to the European Parliament by European Digital Rights (EDRi) expressing concern that the Cyber Resilience Act (CRA) draft currently under consideration still includes mandatory requirements for vulnerability disclosure that violate best practices in Open Source software collaborations and are likely to actually undermine the security of digital products and the individuals who use them.
-
Bitdefender warns of new exfiltration malware targeting remote desktop protocol workloads [Ed: The article should make it a lot clearer that this is about Microsoft Windows. But this publisher takes bribes from Microsoft, so would rather not "embarrass" the company or inform readers.]
Researchers at S.C. Bitdefender SRL today warned of new custom malware actively targeting remote desktop protocol clients to steal data.
-
Digital Footprints Offer a Window Into Covert Actions
When recent reports emerged of widespread, yearslong cyberattacks by Chinese hackers on Kenya’s government, China was quick to offer a boilerplate denial. But, experts say, in the digital environment, it is harder than ever for attackers to cover their tracks. Writing for Chatham House,
-
Researchers warn of an ongoing Tsunami DDoS botnet campaign targeting inadequately protected Linux SSH servers. [Ed: The issue here is neither SSH nor Linux and thus the headline is misleading. "The following table contains the list ID and password values used by the bot in the dictionary attacks along with the IP address for the target." So it's about bad passwords, that is all. Linux sucks. It's not safe when it's connected to the Web with openssh daemon running and passwords "p@ssw0rd", abcdefghi, 123@abc etc.]
Researchers from AhnLab Security Emergency response Center (ASEC) have uncovered an ongoing hacking campaign, aimed at poorly protected Linux SSH servers, to install the Tsunami DDoS botnet (aka Kaiten). The threat actors behind these attacks were also observed installing other malware families, including ShellBot, XMRig CoinMiner, and Log Cleaner.
-
Hackers infect Linux SSH servers with Tsunami botnet malware [Ed: Neither Linux nor SSH at fault here. This is a Microsoft propaganda site attributing weak passwords to software which does nothing wrong.]
The attackers scanned the Internet for publicly-exposed Linux SSH servers and then brute-forced username-password pairs to log in to the server.
-
Compromised Linux SSH servers engage in DDoS attacks, cryptomining [Ed: So this is the latest Microsoft FUD argument? That "Linux" and "SSH" are bad and dangerous because of some bad passwords? Unethical journalism [sic] by Microsofters is pandering to suits with false stigma; it's trying to create an illusion wherein VNC/RDP with bug doors would be safe, whereas SSH must be banned inside companies. Heck, just ban all UNIX and GNU/Linux systems, impose Windows on everybody.]
Preventing this type of attack is not difficult: admins should choose strong, unique passwords; enable multi-factor authentication on their SSH account; and set up firewalls to block malicious access attempts and prevent unauthorized entry into the system.
-
Security updates for Wednesday [LWN.net]
Security updates have been issued by Debian (libfastjson, libx11, opensc, python-mechanize, and wordpress), SUSE (salt and terraform-provider-helm), and Ubuntu (firefox, libx11, pngcheck, python-werkzeug, ruby3.1, and vlc).
-
Justice Department Announces New National Security Cyber Section Within the National Security Division [Ed: Will they know how to wipe Windows and install BSD and GNU/Linux?]
The Justice Department today announced the creation of the new National Security Cyber Section – known as NatSec Cyber – within its National Security Division. The newly established litigating section has secured congressional approval and comes in response to the core findings in Deputy Attorney General Lisa O. Monaco’s Comprehensive Cyber Review in July of 2022.
-
I Was Sentenced to 18 Months in Prison for Hacking Back - My Story
My Journey Through Digital Ethics, Policy, Love and Fear, and Intention, Which Started With a Homeless Lady in San Francisco
To this point in my life, my identity has been linked with the American dream. I was a self-made millionaire at sixteen after starting at an ad technology company in my parents’ basement.
Following high school, I attended Stanford, where I was Chair of Entrepreneurship for the student government, co-founded an entrepreneurship dorm on campus, and was invited as a youth delegate for entrepreneurship at summits around the world like the St. Petersburg Economic Forum.
-
Vincera Institute Reports Potential Patient Data Breach Due to Ransomware Attack [Ed: Seems like another classic case of Windows TCO]
Vincera Institute, a leading healthcare facility in Philadelphia, PA, is issuing a notice regarding a recent ransomware attack that occurred on April 29, 2023. This attack has the potential to compromise patient data, including personal and medical information.
Upon discovering the incident, Vincera Institute promptly engaged specialized cybersecurity professionals to assist in containing and mitigating the attack. The primary focus has been on securing our systems and safeguarding patient data. While the investigation is still ongoing, we are providing this notice to ensure transparency and offer resources to affected individuals to protect their information.