Security Leftovers
-
Data Breaches ☛ D.C. Board of Elections revises its estimate of data breach — could be entire voter roll
The D.C. Board of Elections appears to have revised its estimate of how much data was accessible to a threat actor who listed it for sale on a dark web site. The listing had claimed to have 600k lines of voter registration records from the D.C. Board of Elections, but a preliminary statement by the D.C. BOE claimed that there were fewer than 4,000 registered D.C. voters whose data was accessed or acquired from DataNet Systems’ database.
-
Data Breaches ☛ Ragnar Locker ransomware gang taken down by international police swoop — Europol
This action, coordinated at international level by Europol and Eurojust, targeted the Ragnar Locker ransomware group. The group were responsible for numerous high-profile attacks against critical infrastructure across the world.
In an action carried out between 16 and 20 October, searches were conducted in Czechia, Spain and Latvia. The “key target” of this malicious ransomware strain was arrested in Paris, France, on 16 October, and his home in Czechia was searched. Five suspects were interviewed in Spain and Latvia in the following days. At the end of the action week, the main perpetrator, suspected of being a developer of the Ragnar group, has been brought in front of the examining magistrates of the Paris Judicial Court.
-
YouTube ☛ DEF CON 31 – ElfMaster’s ‘Revolutionizing ELF Binary Patching With Shiva A JIT Binary Patching System For Linux’
-
The New Stack ☛ Open Source Development Threatened in Europe [Ed: Sponsored "interview" (puff piece) from 'Linux' Foundation, a front group of proprietary vendors]
It’s a topic we only hear a little about. Still, the existential crisis about a debilitating blow to open source is entirely accurate, with the most significant blow to companies that employ developers for open source work and the foundations that manage open source projects.
The matter at hand: Europe’s Cyber Resilience Act, designed to prevent security intrusions but with enough restrictions on open source to provide technologists with much to consider.
-
TechTarget ☛ Use these 6 user authentication types to secure networks
One layer of security that all networks and applications need is authentication. Read up on six authentication types, from 2FA to biometrics to certificates.
-
CISA ☛ 2023-10-16 [Older] Cisco Releases Security Advisory for IOS XE Software Web UI
-
Modern Diplomacy ☛ 2023-10-14 [Older] The Growing Threat of Cyber Attacks on Physical Security Systems
-
CISA ☛ 2023-10-20 [Older] CISA Releases Fact Sheet on Effort to Revise the National Cyber Incident Response Plan (NCIRP)
-
CISA ☛ 2023-10-20 [Older] CISA Releases Guidance for Addressing Cisco IOS XE Web UI Vulnerabilities
-
CISA ☛ 2023-10-19 [Older] CISA Adds Two Known Exploited Vulnerabilities to Catalog
-
CISA ☛ 2023-10-19 [Older] CISA Adds Two Known Exploited Vulnerability to Catalog
-
CISA ☛ 2023-10-19 [Older] CISA, NSA, FBI, and MS-ISAC Release Update to #StopRansomware Guide
-
CISA ☛ 2023-10-19 [Older] CISA Releases One Industrial Control Systems Advisory
-
CISA ☛ 2023-10-19 [Older] Oracle Releases October 2023 Critical Patch Update Advisory
-
CISA ☛ 2023-10-18 [Older] CISA, NSA, FBI, and MS-ISAC Release Phishing Prevention Guidance
-
CISA ☛ 2023-10-17 [Older] CISA Releases Two Industrial Control Systems Advisories
-
CISA ☛ 2023-10-17 [Older] Schneider Electric EcoStruxure Power Monitoring Expert and Power Operation Products
-
CISA ☛ 2023-10-17 [Older] Rockwell Automation FactoryTalk Linx
-
CISA ☛ 2023-10-16 [Older] CISA Adds One Known Exploited Vulnerability to Catalog
-
CISA ☛ 2023-10-16 [Older] CISA, FBI, and MS-ISAC Release Joint Advisory on Atlassian Confluence Vulnerability CVE-2023-22515
-
CISA ☛ 2023-10-16 [Older] CISA, NSA, FBI, and International Partners Release Updated Secure by Design Guidance
-
Slashdot ☛ 2023-10-15 [Older] T2 Linux Discovers (Now Patched) AMD Zen 4 Invalid Opcode Speculation Bug
-
Bleeping Computer ☛ American Family Insurance confirms cyberattack is behind IT outages