Security Leftovers
-
Security updates for Tuesday
Security updates have been issued by Debian (python-git and renderdoc), Red Hat (edk2, kernel, kernel-rt, and kpatch-patch), Slackware (kernel), SUSE (firefox, libcap, openssh, openssl-1_1, python39, and zabbix), and Ubuntu (cinder, ironic, nova, python-glance-store, python-os-brick, frr, graphite-web, and openssh).
-
Google Reportedly Disconnecting Employees from the Internet
Supposedly Google is starting a pilot program of disabling Internet connectivity from employee computers:
The company will disable internet access on the select desktops, with the exception of internal web-based tools and Google-owned websites like Google Drive and Gmail. Some workers who need the internet to do their job will get exceptions, the company stated in materials.
Google has not confirmed this story.
-
New OpenSSH Vulnerability Exposes Linux Systems to Remote Command Injection [Ed: OpenSSH is cross-platform (Windows also), why "Linux" in this headline?]
Details have emerged about a now-patched flaw in OpenSSH that could be potentially exploited to run arbitrary commands remotely on compromised hosts under specific conditions.
"This vulnerability allows a remote attacker to potentially execute arbitrary commands on vulnerable OpenSSH's forwarded ssh-agent," Saeed Abbasi, manager of vulnerability research at Qualys, said in an analysis last week.
-
Beware of Akira ransomware, CERT-In warns Windows, Linux PC users [Ed: How does this get ONTO Linux though?]
Due to the Covid-19 outbreak, economies around the world were badly affected, and the lockdowns brought almost everything, from work to studies, to a halt, but only for a brief time. People were able to overcome the difficulty quickly, as they made good use of personal computers and smartphones to get things done.
However, not many are aware of the dangers of straying out of the safe zones of the Internet and easily trusting unknown people on the web, and they end up infecting their systems. In the latest instance, the state-run Indian Computer Emergency Response Team (CERT-In) has warned that a new ransomware, Akira, is on the prowl and is a threat to Windows and Linux-based PCs.
-
In SEC Battle, Covington Ordered to Disclose Names of 7 Clients
U.S. District Judge Amit Mehta of the District of Columbia has ruled that Covington & Burling must disclose to the U.S. Securities and Exchange Commission the names of seven clients whose information may have been exposed in a 2020 cyberattack that impacted the firm.
“Covington shall produce to the Commission the names of the seven clients as to whom it has not been able to rule out that a threat actor accessed material nonpublic information,” Mehta wrote in his opinion Monday.
-
Norway says Ivanti zero-day was used to hack govt IT systems
The Norwegian National Security Authority (NSM) has confirmed that attackers used a zero-day vulnerability in Ivanti’s Endpoint Manager Mobile (EPMM) solution to breach a software platform used by 12 ministries in the country.
The Norwegian Security and Service Organization (DSS) said on Monday that the cyberattack did not affect Norway’s Prime Minister’s Office, the Ministry of Defense, the Ministry of Justice, and the Ministry of Foreign Affairs.
-
Half of breached organisations unwilling to up security spend
IBM Security’s newly-released annual Cost of a Data Breach Report says that the global average cost of a data breach reached $4,45-million in 2023 – an all-time high for the report and a 15% increase over the last three years.
Detection and escalation costs jumped 42% over this same time frame, representing the highest portion of breach costs and indicating a shift towards more complex breach investigations.
-
IBM Report: Half of Breached Organizations Unwilling to Increase Security Spend Despite Soaring Breach Costs
According to the 2023 IBM report, businesses are divided in how they plan to handle the increasing cost and frequency of data breaches. The study found that while 95% of studied organizations have experienced more than one breach, breached organizations were more likely to pass incident costs onto consumers (57%) than to increase security investments (51%).