Security Leftovers
-
Linux, macOS systems could be compromised with ncurses library bugs
Malicious actors could exploit various memory corruption vulnerabilities impacting the ncurses programming library to facilitate code execution attacks against systems running on Linux and macOS, reports The Hacker News.
Patches have already been issued for the identified flaws, collectively tracked as CVE-2023-29491, which include a denial-of-service with canceled strings bug, an off-by-one error, a stack information leak vulnerability, a heap out-of-bounds during terminfo database file parsing bug, and a stack information leak flaw, according to a Microsoft Threat Intelligence report.
-
Linux was Being Infiltrated by Malware for 3 Years Without Raising any Alarms [Ed: False headline; this is not an original or official source for software]
A hidden malware operation has infiltrated the Linux community for a solid three years without raising alarms, says Kaspersky, a Russian cybersecurity firm. Despite Linux being hailed as a secure alternative to mainstream operating systems like Windows and macOS, it appears even the cybersecurity experts missed this one.
This quiet attack particularly exploited a so-called free download manager designed for Debian users. What’s unusual? This software was laced with malicious code way back since January 2020. It contained a hidden post-installation script that set off the malware, complete with comments in both Russian and Ukrainian.
-
Website served password-stealing Linux malware for 3 years [Ed: So do not download software from unofficial Web sites.]
Security researchers at Kaspersky have discovered a seemingly benign website has been serving Linux users with malware for over three years.
The official Free Download Manager website (freedownloadmanager[.]org) initially only offered a non-harmful version of the Linux Free Download Manager on a Debian repository for several years.
-
“I’m Not Pro-Russia and I’m Not a Terrorist!” — InfraGard and Airbus Hacker “USDoD” Unveils His New Campaigns
The first time DataBreaches remembers hearing about the man who calls himself “USDoD” was when he posted a sales listing for member data from InfraGard. He had not only managed to acquire data on 80,000 members of an organization dedicated to protecting critical infrastructure, but his revelation of his method exposed some embarrassingly inept security on InfraGard’s part. But that incident and his newest leak involving 3,200 vendors of Airbus aren’t the only reasons to pay attention to him. In a somewhat rambling interview with DataBreaches, conducted over several days online, USDoD reveals some of his current operations and future plans with respect to US defense agencies and firms.
-
Sweden’s Privacy Protection Agency fines insurer Trygg-Hansa for exposing sensitive customer data
Trygg-Hansa’s security flaws have meant that information on 650,000 customers has been accessible via the internet. The Privacy Protection Agency (IMY) is now issuing an administrative sanction fee of SEK 35 million against the company.
-
Personal Data Protection Commissioner of Singapore announces two decisions
A financial penalty of $3,000 was imposed on Autobahn Rent A Car for failing to put in place reasonable security arrangements to protect the personal data in its possession or under its control. Directions were also issued to strengthen access control measures to administrator accounts and to conduct reasonable security review of technical and administrative arrangements for the protection of personal data.
Separately, a financial penalty of $9,000 was also imposed on Century Evergreen for failing to put in place reasonable security arrangements to protect the personal data of jobseekers in its possession or under its control.
-
BlackCat ransomware hits Azure Storage with Sphynx encryptor [Ed: Microsoft TCO]
The BlackCat (ALPHV) ransomware gang now uses stolen Microsoft accounts and the recently spotted Sphynx encryptor to encrypt targets’ Azure cloud storage.
While investigating a recent breach, Sophos X-Ops incident responders discovered that the attackers used a new Sphynx variant with added support for using custom credentials.
-
FTX restores claims portal after security breach incident
In a recent turn of events, the claims portal for the globally renowned cryptocurrency exchange FTX has resumed its full-fledged operation. The operations were suspended following a security incident that took place with Kroll, the third-party agent responsible for handling the creditor claims amidst the ongoing FTX bankruptcy.
The cybersecurity incident is just one of the myriad challenges FTX has had to navigate as it deals with its bankruptcy case.
-
As AI boosts Texas cybercrime, challenges in bringing international criminals to justice remain
It used to be easier.
Christopher Delzotto remembers the days not so long ago when many online financial scams could be spotted just by reading them. They were full of misspellings, poor grammar and awkward phrasing — all signs that they were created in other countries where a hacker’s first language isn’t English.
The rise of artificial intelligence has changed that, offering tools that help cybercriminals clean up their language and opening new doors for hackers to break into computer networks through emails that trick recipients into sharing personal information or by fabricating images or videos used to extort victims.
-
Iranian state-backed hackers target global satellite, defense, and pharma companies [Ed: Classic Microsoft pulling political cards to distract from its own neglect, incompetence, and very comprehensive damage. Microsoft is the culprit, not the expert.]
Microsoft analysts have revealed that Iranian state-backed hackers have been actively targeting satellite, defense, and pharmaceutical companies worldwide.
-
Federal government could pay millions in compensation over asylum seeker data breach
The Australian government may be liable for tens of millions of dollars in compensation to asylum seekers after it posted their personal details online while they were in immigration detention.
The mass data breach, discovered by Guardian Australia in 2014, resulted in information being used, in some cases, to allegedly threaten asylum seekers, or persecute and even jail their family members.
Of the nearly 10,000 asylum seekers whose privacy was breached nearly a decade ago, those who suffered “extreme loss and damage” will each be eligible for more than $20,000 in compensation after a decision from the Administrative Appeals Tribunal.