Security Leftovers
-
Hackaday ☛ Update On The BLUFFS Bluetooth Vulnerability
As we first reported in yesterday’s weekly security post, researchers at EURECOM have revealed the details (PDF, references) of a new man-in-the-middle (MITM) attack on Bluetooth 4.2 through 5.4, which has been assigned CVE-2023-24023. Like preceding CVEs, it concerns the session authentication between Bluetooth devices, where the attacker uses spoofed paired or bonded devices to force the use of a much shorter encryption key length.
-
Security Week ☛ Breaches by Iran-Affiliated Hackers Spanned Multiple U.S. States, Federal Agencies Say [Iran loves Windows]
The Municipal Water Authority of Aliquippa was just one of multiple organizations breached in the U.S. by Iran-linked "Cyber Av3ngers" hackers.
-
US News And World Report ☛ 2023-11-29 [Older] Cybersecurity Agency Warns That Water Utilities Are Vulnerable to Hackers After Pennsylvania Attack [Ed: The issue here is Windows]
-
2023-11-28 [Older] Windows Needs to Disappear
-
CISA ☛ 2023-11-28 [Older] Exploitation of Unitronics PLCs used in Water and Wastewater Systems
-
Russ Cox ☛ 2023-11-30 [Older] Open Source Supply Chain Security at Google [Ed: OK, but Google works with and for spy agencies]
-
CISA ☛ 2023-12-01 [Older] Apple Releases Security Updates for Multiple Products
-
Engadget ☛ 2023-11-30 [Older] Apple patches two security vulnerabilities on iPhone, iPad and Mac
-
CISA ☛ 2023-12-01 [Older] CISA Removes One Known Exploited Vulnerability From Catalog
-
CISA ☛ 2023-11-30 [Older] CISA Adds Two Known Exploited Vulnerabilities to Catalog
-
CISA ☛ 2023-11-30 [Older] CISA Releases Four Industrial Control Systems Advisories
-
CISA ☛ 2023-11-30 [Older] Multiple Vulnerabilities Affecting Web-Based Court Case and Document Management Systems
-
CISA ☛ 2023-11-30 [Older] Delta Electronics DOPSoft
-
CISA ☛ 2023-11-30 [Older] Yokogawa STARDOM
-
CISA ☛ 2023-11-30 [Older] PTC KEPServerEx
-
CISA ☛ 2023-11-30 [Older] Mitsubishi Electric FA Engineering Software Products
-
CISA ☛ 2023-11-29 [Older] CISA Releases First Secure by Design Alert
-
CISA ☛ 2023-11-28 [Older] CISA Releases Four Industrial Control Systems Advisories
-
CISA ☛ 2023-11-28 [Older] Delta Electronics InfraSuite Device Master
-
CISA ☛ 2023-11-28 [Older] Franklin Electric Fueling Systems Colibri
-
CISA ☛ 2023-11-28 [Older] Mitsubishi Electric GX Works2
-
CISA ☛ 2023-11-26 [Older] CISA and UK NCSC Unveil Joint Guidelines for Secure AI System Development
-
Data Breaches ☛ AlphV claims an attack before even alerting the victim. How will that work out for them? (1) [Ed: Windows TCO]
This time, it seems they are claiming a victim before they have even attempted to contact the victim or extort them. They post no proof of claims. They state that they are taking this approach because the victim’s cyberinsurance policy does not cover extortion, and their research into the victim (Tipalti) and one of the victim’s clients (Roblox) suggests that their usual approach will not work. They intend to try to extort those firms and Twitch, all individually. Tipalti is an accounting software financial technology business that provides accounts payable, procurement and global payments automation software for businesses.
-
Data Breaches ☛ Norwegian Labor and Welfare Administration fined for data protection failures
The Norwegian Supervisory Authority (Datatilsynet) has taken enforcement action, imposing a fine of EUR 1.7 million (USD $1.85 million) on Arbeids- og velferdsetaten, the Norwegian Labor and Welfare Administration (NAV). As part of its investigation, the DPA found that the controller had failed to implement appropriate technical and organizational measures to protect personal data. For example, the IT systems were not adequately secured. In addition, an excessive number of employees had access to personal data, including very sensitive data in some cases. At the same time, the controller failed to carry out systematic controls regarding employee use of IT systems. When assessing the fine, the DPA took into account the fact that the data had been handled insecurely over a long period of time.
-
USDOJ ☛ Russian National Pleads Guilty to Trickbot Malware Conspiracy [Ed: Windows TCO]
A Russian national pleaded guilty today to his role in developing and deploying the malicious software known as Trickbot, which was used to launch cyber-attacks against American hospitals and other businesses.
According to court documents and public reporting, Vladimir Dunaev, 40, of Amur Oblast, provided specialized services and technical abilities in furtherance of the Trickbot scheme. Trickbot, which was taken down in 2022, was a suite of malware tools designed to steal money and facilitate the installation of ransomware. Hospitals, schools, and businesses were among the millions of Trickbot victims who suffered tens of millions of dollars in losses. While active, Trickbot malware, which acted as an initial intrusion vector into victim computer systems, was used to support various ransomware variants.