Security Leftovers
-
TechRepublic ☛ Sekoia: Latest in the Financial Sector Cyber Threat Landscape
Phishing, infostealer malware, ransomware, supply chain attacks, data breaches and crypto-related attacks are among the top evolving threats in the financial sector, says Sekoia.
-
SANS ☛ CVE-2023-1389: A New Means to Expand Botnets, (Wed, Nov 22nd)
[This is a Guest Diary by Jonah Latimer, an ISC intern as part of the SANS.edu BACS program]
[...]
If there is a vulnerability that can be exploited by actors, they will take advantage of it, that’s why it’s so important to stay up to date on patches, and know what devices are used in your environment. Firmware upgrades should be performed on your router on a regular basis to ensure that your device is secured against the latest threats and can usually be found on the router’s company website. While CVE-2023-1389 has been primarily used for recruiting devices to botnets, it will be interesting to see what other creative uses actors use it for.
-
Bruce Schneier ☛ Apple to Add Manual Authentication to iMessage
Signal has had the ability to manually authenticate another account for years. iMessage is getting it:
The feature is called Contact Key Verification, and it does just what its name says: it lets you add a manual verification step in an iMessage conversation to confirm that the other person is who their device says they are. (SMS conversations lack any reliable method for verification—sorry, green-bubble friends.) Instead of relying on Fashion Company Apple to verify the other person’s identity using information stored securely on Apple’s servers, you and the other party read a short verification code to each other, either in person or on a phone call. Once you’ve validated the conversation, your devices maintain a chain of trust in which neither you nor the other person has given any private encryption information to each other or Apple.
-
Security Week ☛ Researchers Discover Dangerous Exposure of Sensitive Kubernetes Secrets
Researchers at Aqua call urgent attention to the public exposure of Kubernetes configuration secrets, warning that hundreds of organizations are vulnerable to this “ticking supply chain attack bomb.”
-
Pen Test Partners ☛ Cap Dev. Better red teaming with continuous Capability Development
TL;DR: What Capability Development (Cap Dev) is in this context; The big Cap Dev benefits for red teaming; Operations and Development, sharing and improving; Improvements to TTPs, hardware [...]
-
Techdirt ☛ FCC Reveals Some Vague Rules That Pretend To Tackle SIM Hijacking Fraud
For years we’ve talked about the growing threat of SIM hijacking, which involves a criminal covertly porting out your phone number from right underneath your nose (quite often with the help of bribed or conned wireless carrier employees).
-
Help Net Security ☛ Chiselled Ubuntu closes prevailing container security gaps [Ed: Microsoft Canonical [1, 2]]
Canonical announced chiselled Ubuntu containers which come with Canonical’s security maintenance and support commitment.
Chiselled Ubuntu containers are ultra-small OCI images that deliver only the application and its runtime dependencies, and no other operating system-level packages, utilities, or libraries. This makes them lightweight to maintain and operate, secure, and efficient in resource utilisation.
-
InfoSecurity Magazine ☛ Flaw in Apache ActiveMQ Exposes Linux Systems to Kinsing Malware
A critical vulnerability in Apache ActiveMQ, identified as CVE-2023-46604, has been exposed, revealing an active exploitation scenario by the notorious Kinsing malware.
According to an advisory published by Trend Micro on Monday, the discovery underscores the implications for Linux systems, as the vulnerability allows for remote code execution (RCE) due to inadequate validation of throwable class types in OpenWire commands.
Apache ActiveMQ, a Java-based open source protocol, is widely used for message-oriented middleware, facilitating seamless communication between diverse applications.