Security Leftovers
-
LWN ☛ Security updates for Tuesday
Security updates have been issued by Gentoo (Joblib), Red Hat (firefox and thunderbird), SUSE (gstreamer-plugins-bad, libssh2_org, and webkit2gtk3), and Ubuntu (firefox and thunderbird).
-
LWN ☛ Security updates for Wednesday
Security updates have been issued by Debian (kernel), Fedora (slurm), Oracle (kernel and postgresql:15), Red Hat (firefox, gstreamer1-plugins-bad-free, thunderbird, tigervnc, and xorg-x11-server), SUSE (polkit, postfix, putty, w3m, and webkit2gtk3), and Ubuntu (nodejs).
-
Medevel ☛ Gobuster is a VHost brute-force Pentesting Tool, written in Golang
Gobuster is a tool used to brute-force URIs (directories and files) on web sites, DNS subdomains (with wildcard support), virtual host names on target web servers, and open Amazon S3 buckets.
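The vhost mode named in the headline works by sending the same request with a different Host header for each wordlist entry and keeping the names whose reply differs from a baseline request for a name that cannot exist. The Go program below is an added example written for this page, not gobuster's own code; the target is a constructed httptest server that stands in for a host serving several name-based virtual hosts on one IP, and the wordlist and domain (`example.test`) are made up. It compares status code and body length rather than status alone, which is what catches a virtual host that still answers 404 but with a different page.

```go
package main

import (
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
)

// sig is the response summary used to tell a candidate apart from the baseline.
// Comparing status code and body length, not status alone, catches name-based
// virtual hosts that answer 404 with a different page than the default site.
type sig struct {
	status int
	length int
}

// probe sends a GET to target with an arbitrary Host header and summarises the reply.
func probe(client *http.Client, target, host string) (sig, error) {
	req, err := http.NewRequest(http.MethodGet, target, nil)
	if err != nil {
		return sig{}, err
	}
	req.Host = host // overrides the Host header derived from the URL
	resp, err := client.Do(req)
	if err != nil {
		return sig{}, err
	}
	defer resp.Body.Close()
	body, err := io.ReadAll(resp.Body)
	if err != nil {
		return sig{}, err
	}
	return sig{status: resp.StatusCode, length: len(body)}, nil
}

// FindVHosts tries each word as "<word>.<domain>" in the Host header and returns
// the names whose response differs from a baseline request for a name that should
// not exist. Results keep wordlist order.
func FindVHosts(target, domain string, words []string) ([]string, error) {
	client := &http.Client{}
	baseline, err := probe(client, target, "zz-baseline-probe."+domain)
	if err != nil {
		return nil, err
	}
	var found []string
	for _, w := range words {
		host := w + "." + domain
		s, err := probe(client, target, host)
		if err != nil {
			return nil, err
		}
		if s != baseline {
			found = append(found, host)
		}
	}
	return found, nil
}

// NewDemoServer is a constructed stand-in for a target serving several
// name-based virtual hosts on one address; it is not part of gobuster.
func NewDemoServer() *httptest.Server {
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		switch r.Host {
		case "admin.example.test":
			w.WriteHeader(http.StatusOK)
			io.WriteString(w, "admin console login")
		case "staging.example.test":
			// still a 404, but a different page: a status-only filter would miss it
			w.WriteHeader(http.StatusNotFound)
			io.WriteString(w, "staging is down for maintenance")
		default:
			w.WriteHeader(http.StatusNotFound)
			io.WriteString(w, "no such site")
		}
	}))
}

func main() {
	srv := NewDemoServer()
	defer srv.Close()
	// Constructed wordlist; a real run uses a subdomain list of thousands of entries.
	words := []string{"www", "admin", "staging", "mail"}
	found, err := FindVHosts(srv.URL, "example.test", words)
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	for _, h := range found {
		fmt.Println("found vhost:", h)
	}
}
```

Against the demo server, `www` and `mail` look identical to the baseline and are dropped, while `admin` (200) and `staging` (404 with a different body) are reported. On a real target the baseline should be re-probed periodically, since load balancers and WAFs can change the default response mid-run.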
-
Medevel ☛ Scanbox is a Powerful and open-source Toolkit for Ethical Hackers and Security Automation
Scanners Box, also known as scanbox, is a powerful hacker toolkit that collects more than 10 categories of open-source scanners from Microsoft's proprietary prison GitHub, including subdomain, database, middleware and other modular scanners.
-
SANS ☛ Fingerprinting SSH Identification Strings, (Tue, Jan 2nd)
For HTTP, logging and fingerprinting browser user agents is standard practice. Many anti-automation tricks use the user agent and compare it to other browser artifacts, for example, supported JavaScript APIs, to detect bots. SSH offers an "identification string" with a format mandated by RFC 4253.
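RFC 4253, section 4.2 fixes the identification string as "SSH-protoversion-softwareversion SP comments CR LF", at most 255 bytes including the CR LF, with softwareversion limited to printable US-ASCII and no whitespace or minus sign. The Go program below is an added example for this page (not code from SANS or any SSH implementation) that parses such strings into their fields, labels the implementation family from a small constructed prefix table, and records rather than rejects RFC deviations, since a fingerprinting tool that drops non-conformant banners (Cisco IOS, for instance, puts a '-' inside softwareversion) loses exactly the hosts worth noticing. The sample banners and the prefix table are constructed for the example.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// Banner is the parsed form of an SSH identification string. RFC 4253, section 4.2
// mandates "SSH-protoversion-softwareversion SP comments CR LF", at most 255 bytes
// including CR LF, with softwareversion restricted to printable US-ASCII without
// whitespace or '-'.
type Banner struct {
	ProtoVersion    string // "2.0"; "1.99" marks a server that also accepts SSH-1 clients
	SoftwareVersion string // e.g. "OpenSSH_9.6p1"
	Comments        string // optional text after the first space, often the distro package version
	Family          string // coarse implementation label derived from SoftwareVersion
	RFCConformant   bool   // false when softwareversion breaks the character rules
}

const maxBannerLen = 255

// familyPrefixes is a constructed illustrative table; build yours from observed banners.
var familyPrefixes = []struct{ prefix, family string }{
	{"OpenSSH_", "OpenSSH"},
	{"dropbear_", "Dropbear"},
	{"libssh_", "libssh"},
	{"libssh-", "libssh"},
	{"paramiko_", "Paramiko"},
	{"Cisco", "Cisco"},
	{"Go", "golang.org/x/crypto/ssh"}, // x/crypto's default banner is exactly "SSH-2.0-Go"
}

func classify(software string) string {
	for _, p := range familyPrefixes {
		if strings.HasPrefix(software, p.prefix) {
			return p.family
		}
	}
	return "unknown"
}

// conformant reports whether softwareversion obeys the RFC 4253 character rules.
func conformant(software string) bool {
	for i := 0; i < len(software); i++ {
		c := software[i]
		if c < 0x21 || c > 0x7e || c == '-' {
			return false
		}
	}
	return true
}

// ParseBanner parses one identification line. It accepts a '-' inside
// softwareversion (Cisco IOS sends "SSH-1.99-Cisco-1.25") and records the
// deviation in RFCConformant instead of rejecting the line.
func ParseBanner(line string) (Banner, error) {
	var b Banner
	body := strings.TrimRight(line, "\r\n")
	if len(body)+2 > maxBannerLen {
		return b, fmt.Errorf("identification string too long: %d bytes", len(body)+2)
	}
	if strings.ContainsAny(body, "\r\n") {
		return b, errors.New("embedded line break in identification string")
	}
	if !strings.HasPrefix(body, "SSH-") {
		return b, errors.New("missing SSH- prefix")
	}
	proto, rest, ok := strings.Cut(body[len("SSH-"):], "-")
	if !ok || proto == "" {
		return b, errors.New("missing protoversion or softwareversion")
	}
	software, comments, _ := strings.Cut(rest, " ")
	if software == "" {
		return b, errors.New("empty softwareversion")
	}
	b.ProtoVersion = proto
	b.SoftwareVersion = software
	b.Comments = comments
	b.Family = classify(software)
	b.RFCConformant = conformant(software)
	return b, nil
}

// ExtractBanner handles the RFC 4253 allowance for a server to send other lines
// before its identification string: it skips until the first "SSH-" line.
func ExtractBanner(lines []string) (Banner, error) {
	for _, l := range lines {
		if strings.HasPrefix(l, "SSH-") {
			return ParseBanner(l)
		}
	}
	return Banner{}, errors.New("no identification string found")
}

func main() {
	// Constructed sample banners, not captured from real hosts.
	samples := []string{
		"SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13\r\n",
		"SSH-2.0-dropbear_2022.83\r\n",
		"SSH-1.99-Cisco-1.25\r\n",
		"SSH-2.0-Go\r\n",
		"HTTP/1.1 400 Bad Request\r\n",
	}
	for _, s := range samples {
		b, err := ParseBanner(s)
		if err != nil {
			fmt.Printf("%-45q rejected: %v\n", s, err)
			continue
		}
		fmt.Printf("%-45q proto=%s software=%s family=%s comments=%q conformant=%t\n",
			s, b.ProtoVersion, b.SoftwareVersion, b.Family, b.Comments, b.RFCConformant)
	}
}
```

For log analysis, the useful fields to index are SoftwareVersion and Comments separately: the former identifies the implementation and upstream version, the latter is usually the distribution package revision, and a client banner whose comments field is empty where a real OpenSSH client would fill it is itself a fingerprinting signal, much like a browser user agent that does not match the JavaScript APIs the page can probe.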
-
Trail Of Bits ☛ Tag, you’re it: Signal tagging in Circom
By Tjaden Hess
We at Trail of Bits perform security reviews for a seemingly endless stream of applications that use zero-knowledge (ZK) proofs.
-
Federal News Network ☛ New year, new rules for GSA contracting officers
In today's Federal Newscast: Congress wants to know how many people have access to secret information. The Department of Transportation sees some big cybersecurity improvements coming in 2024. And the new year brings in new rules for GSA contracting officers.
-
Bleeping Computer ☛ The biggest cybersecurity and cyberattack stories of 2023
2023 was a big year for cybersecurity, with significant cyberattacks, data breaches, new threat groups emerging, and, of course, zero-day vulnerabilities.
Some stories, though, were more impactful or popular with our 22 million readers than others.
Below are fourteen of what BleepingComputer believes are the most impactful cybersecurity stories of 2023, with a summary of each.
-
Wired ☛ The Worst Hacks of 2023
-
CBC ☛ Theft of Vancouver rape crisis centre server containing sensitive data raises privacy concerns
Cybersecurity experts are warning of “significant” data privacy risks after a Vancouver rape crisis centre told clients and donors a computer server containing their sensitive personal information and banking details was stolen from its office last month.
The Dec. 3 break-in at Salal Sexual Violence Support Centre’s new downtown office is under investigation, Vancouver police confirmed in an email to CBC News Friday, and at least one woman who sought counselling at Salal says she is planning to file a complaint with B.C.’s privacy watchdog over the breach.
-
Orbit Chain’s Bridge Hacked for $81.5 Million in a Major Security Breach
Although the cryptocurrency markets have progressed significantly, bridge attacks and hacks continue to plague the market due to bad players.
In a concerning development, Orbit Bridge, a prominent cross-chain bridge protocol, has experienced a notable outflow of $81.5 million across various cryptocurrencies, signaling a potential major hack. On December 31st, an anonymous Twitter user sounded the alarm about a potential exploit, highlighting substantial outflows from the Orbit Chain Bridge protocol. This concern gained traction as blockchain investigator Officer CIA and cybersecurity firm Cyvers also verified the hack.
-
ABC ☛ Russian hackers believed to be behind cyber attack on Victoria’s County Court [Ed: Seems like Microsoft's fault, not Russia's fault]
Victoria’s court system has been hit by a ransomware attack, which independent experts believe was orchestrated by Russian hackers.
A spokesperson for Court Services Victoria (CSV) said hackers accessed an area of the court system’s audio-visual archive. That would mean recordings of hearings including witness testimony from highly sensitive cases may have been accessed or stolen.
CSV is now trying to notify people whose court appearances have been accessed by hackers, and will today set up a contact centre for people who believe they may have been affected.
-
Data Breaches ☛ Parathon by JDA e-Health: what we still don’t know about their July ransomware incident
So how many patients, total, have been affected by this incident that was first detected in July and has still not been fully disclosed five months later? Thousands? Hundreds of thousands? Millions? DataBreaches sent another inquiry to Parathon through their website last week, asking how many patients, total, were affected by the Akira ransomware attack, whether HHS has been notified by them, and whether they paid Akira any ransom.
-
Kaspersky ☛ Operation Triangulation: The last (hardware) mystery
Today, on December 27, 2023, we (Boris Larin, Leonid Bezvershenko, and Georgy Kucherin) delivered a presentation, titled, “Operation Triangulation: What You Get When Attack iPhones of Researchers”, at the 37th Chaos Communication Congress (37C3), held at Congress Center Hamburg. The presentation summarized the results of our long-term research into Operation Triangulation, conducted with our colleagues, Igor Kuznetsov, Valentin Pashkov, and Mikhail Vinogradov.
This presentation was also the first time we had publicly disclosed the details of all exploits and vulnerabilities that were used in the attack. We discover and analyze new exploits and attacks using these on a daily basis, and we have discovered and reported more than thirty in-the-wild zero-days in Adobe, Apple, Google, and Microsoft products, but this is definitely the most sophisticated attack chain we have ever seen.