Security Leftovers
-
LWN ☛ Security updates for Wednesday
Security updates have been issued by Debian (libclamunrar and ruby-sanitize), Fedora (frr, roundcubemail, and webkitgtk), Mageia (freerdp and tomcat), Red Hat (avahi, bind, c-ares, cloud-init, container-tools:4.0, container-tools:rhel8, cups, dnsmasq, edk2, emacs, flatpak, fwupd, ghostscript, grafana, java-21-openjdk, kernel, kernel-rt, libfastjson, libmicrohttpd, libpq, librabbitmq, libreoffice, libreswan, libX11, linux-firmware, mod_auth_openidc:2.3, nodejs:20, opensc, perl-HTTP-Tiny, procps-ng, protobuf-c, python-cryptography, python-pip, python27:2.7, python3, python3.11, python3.11-pip, python38:3.8, python38-devel:3.8, python39:3.9, python39-devel:3.9, qt5-qtbase, qt5-qtsvg, rhc, ruby:2.5, shadow-utils, squid:4, sysstat, tang, tomcat, tpm2-tss, virt:rhel, virt-devel:rhel, webkit2gtk3, wireshark, xorg-x11-server, xorg-x11-server-Xwayland, and yajl), Slackware (mariadb), SUSE (chromium, connman, exfatprogs, ucode-intel, and w3m), and Ubuntu (cobbler, ffmpeg, linux-oem-6.5, procps, and traceroute).
-
OpenSSF (Linux Foundation) ☛ OpenSSF Supports oss-security and (linux-)distros Mailing Lists
As a part of the OpenSSF's mission to sustainably secure the development, maintenance and consumption of open source software, the OpenSSF earlier this year started to sponsor the operation of a critical piece of the community's infrastructure for communication.
-
William ☛ William Brown: Getting Started with PKCS11
PKCS11 is one of those horrible mystery technologies that just seem to have no good starting place or reference on how to make it work. But it's also a technology that you see commonly around for hardware security modules (HSM), trusted platform modules (TPM) and other high impact cryptographic environments. This makes it an annoying chasm to cross for developers and administrators alike who want to configure these important tools for key security.
So I decided to spend some time to learn about how this all works - scouring a variety of sources I hope to put together something that can help make it easier in future for others.
-
Bleeping Computer ☛ New CacheWarp AMD CPU attack lets hackers gain root in Linux VMs [Ed: This is not about Linux. It's another reminder that "Confidential Computing" and the Microsoft aficionados who boost this scam are likely shilling a back door disguised as privacy. SEV is not designed for security but for monopoly by some secretive, proprietary, Pentagon-connected companies.]
This new attack exploits flaws in AMD's Secure Encrypted Virtualization-Encrypted State (SEV-ES) and Secure Encrypted Virtualization-Secure Nested Paging (SEV-SNP) tech designed to protect against malicious hypervisors and reduce the attack surface of VMs by encrypting VM data and blocking attempts to alter it in any way.
-
LWN ☛ Intel's "redundant prefix issue"
Tavis Ormandy has described a bug in some Intel CPUs that can lead to a crash (or worse).
-
Data security breach at Beaverton School District
The Beaverton School District has been hit by a cybersecurity breach that may have compromised student passwords, the district announced in a message posted to its website and sent to parents Tuesday evening. Student passwords to email accounts, Google documents, Canva and other platforms all may have been compromised.
The district said it discovered the security incident earlier in the evening and plans to reset the system. Parents and students were warned to download any needed Google documents before 8 p.m. Tuesday because the system reset would make accounts unavailable after that. Students will be able to reset their passwords and get back into their accounts at school on Wednesday, the district said.
-
Data Breaches ☛ AlphV files an SEC complaint against MeridianLink for not disclosing a breach to the SEC (2)
Earlier today, AlphV added MeridianLink to their leak site. MeridianLink (MLNK) is the provider of a loan origination system and digital lending platform for financial institutions. AlphV’s listing has been temporarily removed to be updated, but DataBreaches has learned some additional details from someone involved in the attack.
-
Government Technology ☛ Georgia School District Goes Offline After Suspicious Activity
Henry County Schools Superintendent Mary Elizabeth Davis said Tuesday leaders continue to investigate “suspicious activity” that has resulted in the district restricting Internet access since last week.
In a video posted to YouTube, Davis did not say what activity led the south metro Atlanta district to decide to take its Internet offline on Thursday, but said that student services, payroll, billing and other district operations remain functional as the school system conducts a probe of its network.