Security Leftovers
-
Security Week ☛ In Other News: US Ransomware Attacks, 23andMe Blames Victims, Nuclear Waste Hacking Attempt
Noteworthy stories that might have slipped under the radar: report on US ransomware attacks, 23andMe blames victims for hack, nuclear waste company targeted.
-
Security Week ☛ Law Firm Orrick Reveals Extensive Data Breach, Over Half a Million Affected
Global law firm Orrick, Herrington & Sutcliffe disclosed a data breach that affects roughly 600,000 individuals.
-
Bruce Schneier ☛ Improving Shor’s Algorithm
We don’t have a useful quantum computer yet, but we do have quantum algorithms. Shor’s algorithm has the potential to factor large numbers faster than otherwise possible, which—if the run times are actually feasible—could break both the RSA and Diffie-Hellman public-key algorithms.
-
Security Week ☛ US Says 19 People Charged Following 2019 Takedown of xDedic Cybercrime Marketplace
Justice Department says 19 people involved in the xDedic cybercrime marketplace have been charged to date following its 2019 takedown.
-
SANS ☛ Are you sure of your password?
If many people can detect simple phishing emails these days, some attacks are very well crafted and also have built-in techniques not only to ensure that potential victims will fall into the trap but there is another aspect. From an attacker's point of view, how to improve the quality of collected data?
-
Security Week ☛ Ivanti Patches Critical Vulnerability in Endpoint Manager
CVE-2023-39336, a critical vulnerability in Ivanti EPM, may lead to device takeover and code execution on the server.
-
Rockyou Txt Wordlist Download 2023 – #1 Password List in Kali Linux
Rockyou is a password dictionary that is used to help perform various kinds of password brute-force attacks. It is a collection of the most widely used and potential access codes.
-
Security Week ☛ Vigilant Ops Raises $2 Million for SBOM Management Platform
Vigilant Ops receives $2 million seed investment from DataTribe to help organizations manage SBOMs.
-
CubicleNate ☛ Edge Browser Refusing a Self-Signed Certificate | Easy Bypass [Ed: The "trust" cartel trying to acquire a "kill switch" to turn sites on and off through browsers and CAs]
Sometimes, computers and networking are not as fun as they once were. I have actually found it quite annoying at times when suddenly, things break. Nothing is quite as consistent as it once was. I’d like to say it was around 2009 that we accelerated into craziness… regardless, new solutions for new problems.
-
Security Week ☛ New ‘SpectralBlur’ macOS Backdoor Linked to North Korea
SpectralBlur is a new macOS backdoor that shows similarities with North Korean hacking group’s KandyKorn malware.
-
Security Week ☛ Merck Settles NotPetya Insurance Claim, Leaving Cyberwar Definition Unresolved
In a landmark case that blurs the lines between cyber and kinetic warfare, Merck reached a settlement with insurers over a $1.4 billion claim stemming from the NotPetya malware attack.
-
Medevel ☛ reNgine is an open-source Security Recon Framework for Web Apps
reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface.
-
Medevel ☛ Deepfence SecretScanner Find Secrets and Passwords in Container Images and File Systems
Deepfence SecretScanner is an open-source security app that can find unprotected secrets in container images or file systems.