Security Leftovers
-
Sweet Security Unfurls Cloud-Native Runtime Protection Platform
We saw that VerifyHostKeyDNS is reliable, but it doesn't save the fingerprint in the file `~/.ssh/known_hosts`, which can be an issue if you need to connect to the same server later: if you don't have a working DNSSEC resolver, you would have to blindly trust the server. However, you could generate the required output from the server to be used by the known_hosts when you have DNSSEC working, so next time, you won't only rely on DNSSEC.
-
Some things never change - such as SQL Authentication "encryption", (Thu, Aug 10th)
Fat client applications running on (usually) Windows are still extremely common in enterprises. When I look at internal penetration tests or red team engagements for any larger enterprise, it is almost 100% guaranteed that one will stumble upon such an application.
-
MAR-10454006.r4.v2 SEASPY and WHIRLPOOL Backdoors
This report is provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained herein. The DHS does not endorse any commercial product or service referenced in this bulletin or otherwise.
This document is marked TLP:CLEAR--Recipients may share this information without restriction. Sources may use TLP:CLEAR when information carries minimal or no foreseeable risk of misuse, in accordance with applicable rules and procedures for public release. Subject to standard copyright rules, TLP:CLEAR information may be shared without restriction. For more information on the Traffic Light Protocol (TLP), see http://www.cisa.gov/tlp.
-
Security updates for Thursday
Security updates have been issued by Debian (firefox-esr), Fedora (chromium, kernel, krb5, and rust), and Ubuntu (graphite-web and velocity).
-
Nova Scotia government still unsure of widespread impact from spring cyberattack
The province of Nova Scotia is still unsure of how widespread the MOVEit security breach is, nearly two-and-a-half months after first becoming aware of the issue.
Almost 1000 notifications have been sent out this month.
“As you start getting into forensics you can find out that that trail can lead back a lot further and sometimes it can take weeks, months, before you really know the full impact,” says cybersecurity expert Scott Beck.
Officials with the Halifax Regional Centre for Education just sent out notices to parents of students whose data was compromised.
-
He’s smart, he’s an accomplished liar, and now Impotent says he’s retired.
Sometimes people surprise me. “Impotent” did. He’s gone by a number of usernames online over the past few years. “Everyone knows me under many different aliases. Let’s actually call me mainly Pulpo. I also used ‘Creeper,’ ‘Impotent,’ ‘Kmeta,’ ‘KmetaNaEvropa,’ and ‘Promise,’ but on my markets, I was usually just ‘Admin.’ The main identities I love are ‘Impotent’ and ‘Pulpo.’ ‘Pulpo’ made me my biggest money. ‘Impotent’ made me the biggest connections,” he told me.
On his markets? Biggest money? Biggest connections? Who was this guy that I had not been particularly impressed by when he first contacted me as “Dissent Joe” to invite me to Exposed.vc? At the time I first interviewed him about Exposed.vc, he struck me as someone who knew how to get headlines for himself. I was pretty sure he was lying to me about how he got the RaidForums user database that he leaked, and I couldn’t really trust his word on anything at that point, but was he actually smart enough to have made a lot of money?