Security Leftovers
-
Debian and Ubuntu Fixed OpenSSH Vulnerabilities
Debian and Ubuntu have released security updates for their respective OS versions, addressing five flaws discovered in the openssh package. In this article, we will delve into the intricacies of these vulnerabilities, shedding light on their nature and the recommended measures to safeguard your OpenSSH environment.
-
Help Net Security ☛ AuthLogParser: Open-source tool for analyzing Linux authentication logs
AuthLogParser is an open-source tool tailored for digital forensics and incident response, specifically crafted to analyze Linux authentication logs (auth.log).
The tool examines the auth.log file, extracting crucial details like SSH logins, user creations, event names, IP addresses, among others. It produces a concise summary that offers a clear overview of the activities documented in the authentication logs, presenting the information in a format that is easy to read.
-
Trail of Bits ☛ Securing open-source infrastructure with OSTIF
The Open Source Technology Improvement Fund (OSTIF) counters an often overlooked challenge in the open-source world: the same software projects that uphold today’s internet infrastructure are reliant on, in OSTIF’s words, a “surprisingly small group of people with a limited amount of time” for all development, testing, and maintenance.
This scarcity of contributor time in the open-source community is a well-known problem, and it renders the internet’s critical infrastructure vulnerable. To quote OSTIF, “because of the lack of a profit motive, core open-source projects are woefully underfunded and their resources are lacking. This leaves crucial Internet infrastructure susceptible to bugs, poor documentation, poor performance, slow release schedules, and even espionage.”
-
LWN ☛ Security updates for Tuesday
Security updates have been issued by Debian (squid), Fedora (podman), Mageia (dropbear), SUSE (eclipse-jgit, jsch, gcc13, helm3, opusfile, qt6-base, thunderbird, and wireshark), and Ubuntu (clamav, libclamunrar, and qemu).
-
Data Breaches ☛ Sébastien Raoult sentenced in federal court; could be out in less than 11 months
Earlier today, French national Sébastien Raoult learned his sentence in federal court in Seattle. Raoult, aka “Sezyo,” had been detained in Morocco as he prepared to fly home to France after a vacation. His detention in response to a Red Notice led to an intense extradition fight. Raoult’s counsel urged France to request Raoult be extradited to France to stand trial in France for crimes that he committed on French soil. For reasons that seemed more political than genuine, France, who had assisted the U.S. in its investigation into the crimes, claimed they had no case against Raoult. They declined to seek his extradition even though they arrested others with whom he allegedly conspired and then released them.
-
Data Breaches ☛ HMG Healthcare notifies employees and residents of cyberattack
HMG Healthcare has posted a notice of a data breach on its website, but most people are unlikely to notice the substitute notice because of the way it has been presented. If the purpose of a substitute notice under HIPAA is to reach people the covered entity may not have sufficient or current contact information for, then burying the notice on the very bottom of the homepage and calling it a “privacy update” as if it is an update to the privacy policy is misleading at best.
-
TechCrunch ☛ SEC’s X account hacked, sharing ‘unauthorized tweet’ regarding spot bitcoin ETF
The U.S. Securities and Exchange Commission’s X account has been hacked, a spokesperson confirmed with TechCrunch on Tuesday afternoon.
“The SEC’s @SECGov X/Twitter account has been compromised. The unauthorized tweet regarding bitcoin ETFs was not made by the SEC or its staff,” the spokesperson said. A similar statement was shared shortly after on the media platform.
The post, shown in a screenshot below, was up for about 30 minutes, causing a number of news outlets and online personalities to report that the SEC granted approval for the highly anticipated spot bitcoin ETFs. The unauthorized post has since been deleted.
-
ABC ☛ US retail mortgage lender loanDepot struggles with cyberattack
The U.S. retail mortgage lender loanDepot is struggling to recover from a cyberattack that impacted its loan processing and phone service.
In a filing on Monday with the Securities and Exchange Commission, the company said data was encrypted by the “unauthorized third party” who broke into company systems. It said certain unspecified systems were shut down to contain the incident.
[...]
The incident bore all the hallmarks of a ransomware attack, but company spokesman Jonathan Fine would neither confirm nor deny that possibility. The attack apparently began over the weekend.