Security Leftovers
-
Security updates for Friday [LWN.net]
Security updates have been issued by Debian (kernel and libmail-dkim-perl), Fedora (openssh), and SUSE (kernel).
-
Kaspersky launches specialized solution for Linux-based embedded devices [Ed: Do not use proprietary software for security, not just because it's Russian]
Kaspersky introduces support for Linux in their Kaspersky Embedded Systems Security product. This adaptable, multi-layered solution now provides optimized security for embedded Linux-based systems, devices and scenarios, in compliance with the rigorous regulatory standards so often applicable to these systems. The product provides optimum protection for every device it secures – whatever its power level – against the latest cyberthreats directed at today’s Linux systems.
-
Centers for Medicare and Medicaid notifying 645,000 Medicare members about MOVEit breach
The Centers for Medicare and Medicaid (CMS) has posted a notice on its site about a data breach at one of its contractors, Maximus Federal Services, Inc. Maximus was one of hundreds of victims of a 0day attack on MOVEit file transfer software by the Clop ransomware gang.
Maximus detected unusual activity on May 30 and reported the incident to CMS on June 2. CMS estimates that approximately 645,000 Medicare numbers had their information caught up in the attack.
-
SSNDOB Marketplace Admin Pleads Guilty To Charges Related To His Operation Of A Series Of Websites
July 25 — Tampa, Florida – United States Attorney Roger B. Handberg, along with Special Agent in Charge Kareem Carter for the IRS – Criminal Investigation Washington D.C. Field Office, and Special Agent in Charge David Walker for the FBI – Tampa Division, announces that Vitalii Chychasov (37, Ukraine) has pleaded guilty to conspiracy to commit access device fraud and trafficking in unauthorized access devices relating to his administration of SSNDOB Marketplace, a series of websites that operated for years and were used to sell personal information, including the names, dates of birth, and Social Security numbers belonging to individuals in the United States. The SSNDOB Marketplace has listed the personal information for millions of individuals in the United States, generating more than $19 million in sales revenue. On June 7, 2022, seizure orders were executed against the domain names of the SSNDOB Marketplace, effectively ceasing the website’s operation.
-
Lebanon students to finally receive grades from June after cyberattack delay
Middle and high school students in the Lebanon School District are expected to receive their grades for the academic year that ended in June next week. The delayed release comes after some of the district’s key systems were taken offline as a precaution following a June cyberattack.
PowerSchool, a student information database where students and families can go to see grades, is expected to be back online for families on Friday, Aug. 4, according to Superintendent Amy Allen, a former assistant superintendent in Manchester who started work in Lebanon on July 1. Report cards for elementary school students were sent home at the end of the school year, but older students have yet to receive their grades.
-
Axis Door Controller Vulnerability Exposes Facilities to Physical, Cyber Threats
An Axis network door controller vulnerability can be exploited to target facilities, exposing them to both physical and cyber threats.
-
Data of more than 8m stolen from US govt contractor Maximus
A spokesperson for Maximus' Australian operations told iTWire: "MAX, part of Maximus, does not use the MOVEit platform in Australia, and as a result, no MAX customers were impacted."
Cl0P now appears to have delisted Maximus from its web site, one of 11 companies whose names have been removed after being listed, according to ransomware threat researcher Brett Callow.
Set up in 1975, Maximus has more than 39.000 employers and its annual revenue is claimed to be US$4.25 billion (A$6.3 billion).
-
The SEC is giving companies four days to report cyberattacks
The US Securities and Exchange Commission (SEC) wants public companies to be more transparent and forthcoming about “material cybersecurity incidents,” the federal agency said yesterday (July 26).
-
Companies Required by SEC to Disclose Cybersecurity Incidents in 4 Days
The SEC has adopted new rules requiring public companies to disclose cybersecurity breaches that have a material impact within four days.
-
Code Execution Vulnerability Impacts 900k MikroTik Devices
Over 900,000 devices are impacted by an arbitrary code execution vulnerability in MikroTik RouterOS.
-
SEC’s breach disclosure rule raises concerns about tipping off hackers to flawed systems
New rules require publicly traded companies to disclose cybersecurity breaches within four days of them being deemed material.
-
Top FBI officials warn of ‘unparalleled’ threat from China and AI
Director Christopher Wray said "AI will enable threat actors to develop increasingly powerful, sophisticated, customizable, and scalable capabilities."
-
Best VPN for Linux [Ed: This seems to be partly promotional, not objective]
The best virtual private networks (VPNs) for Linux mask your IP address and encrypt your data to provide an enhanced level of privacy when working on the operating system, particularly when you’re connected to a public network. They also allow you to watch geo-blocked content and bypass censorship to access websites that might be disallowed due to your home IP address. Some even go a step further to provide firewall, antivirus, anti-rootkit and tripwire services.
This review looks at the best Linux VPN clients for hiding your traffic from prying eyes and gaining access to additional content, or both. Read on to learn more about these services, including how they work and how to set them up.
-
Securing Your Linux VPS: 15 Essential Tips and Best Practices
One thing stands as an unbroken fact in the broad digital ecosystem where data flows continuously and cyber dangers abound – the critical significance of protecting your Linux Virtual Private Server (VPS).
-
StackRot (CVE-2023-3269): Linux kernel privilege escalation vulnerability
A flaw was found in the handling of stack expansion in the Linux kernel 6.1 through 6.4, aka "Stack Rot". The maple tree, responsible for managing virtual memory areas, can undergo node replacement without properly acquiring the MM write lock, leading to use-after-free issues. An unprivileged local user could use this flaw to compromise the kernel and escalate their privileges.
-
Exploiting the StackRot vulnerability
For those who are interested in the gory details of how the StackRot vulnerability works, Ruihan Li has posted a detailed writeup of the bug and how it can be exploited.