Security Leftovers
-
SANS ☛ Microsoft January 2024 Patch Tuesday, (Wed, Jan 10th)
Microsoft today surprised with a light patch Tuesday. We only received 48 patches for Abusive Monopolist Microsoft products and four for Chromium, affecting Abusive Monopolist Microsoft Edge. Only two of the 48 patches are rated critical; none had been disclosed or exploited before today.
-
Medevel ☛ Trivy: Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
Trivy is an open-source, free, comprehensive and versatile security scanner. Trivy has scanners that look for security issues, and targets where it can find those issues.
-
LWN ☛ Smuggling email inside of email
Normally, when a new vulnerability is discovered and releases are coordinated with those affected, the announcement is done at a convenient time—not generally right before the end-of-year holidays, for example. The SMTP Smuggling vulnerability has taken a different path, however, with its announcement landing on December 18. That may well have been unpleasant for some administrators that had not yet updated, but it was particularly problematic for some projects that had not been made aware of the vulnerability at all—though it was known to affect several open-source mailers.
-
Attackers Targeting Poorly Managed Linux SSH Servers [Ed: So it is a human error]
In recent times, Linux SSH servers have become a prime target for attackers aiming to compromise security and exploit vulnerabilities for malicious activities. This article delves into the growing concern surrounding poorly secured Linux SSH servers, the techniques employed by threat actors, and crucial steps to fortify your server against potential attacks.
-
Embedded Linux IoT Security: Defending Against Cyber Threats
Embedded Linux IoT systems are now essential parts of many different kinds of products, from industrial machinery and smart appliances to medical equipment and automobile systems. However, as Embedded Linux is being used widely, it has attracted the attention of malicious actors, leading to an evolving threat landscape.
-
LWN ☛ Security updates for Wednesday
Security updates have been issued by Fedora (libssh), Gentoo (FAAD2 and RedCloth), Red Hat (kpatch-patch and nss), SUSE (hawk2, LibreOffice, opera, and tar), and Ubuntu (glibc, golang-1.13, golang-1.16, linux-azure, linux-gkeop, monit, and postgresql-9.5).
-
Data Breaches ☛ Follow-on extortion campaign: confirmation of some findings by Arctic Wolf [Ed: Windows TCO]
In subsequent communications with DataBreaches, xanonymoux claimed that they had already been in negotiations with another victim but the victim stopped negotiating with them. That victim was the Michael Garron Hospital (MGH) in Canada, which had been hit by Akira and was originally listed on Akira’s site. When xanonymoux first mentioned the hospital to DataBreaches, MGH had not been claimed by Akira as yet, and DataBreaches noticed that xanonymoux said they were not sure whether Akira or Karakurt was responsible for the breach. DataBreaches reached out to MGH after xanonymoux claimed, “to be honest, I have already spoken with a negotiator who was allowed to handle all the conversation on their behalf with me. I offered them to pass the server’s information in exchange of a payment, so they would be ready to do everything quickly with LE.” At some point, however, MGH’s negotiator stopped responding to xanonymoux.
-
After Barrage of Hacks, Hospitals Will Face New Federal Cybersecurity Rules Tied to Funding [Ed: Tell them to delete Windows]
The Biden administration plans to unveil new cybersecurity requirements for hospitals in the coming weeks as government officials scramble to stem a disturbing tide of hacks that have crippled health-care providers, delayed procedures and raised concerns about patient safety.
The Centers for Medicare & Medicaid Services, an arm of the Department of Health and Human Services, will propose rules within the next month or so that would require hospitals to establish basic digital security defenses in order to receive federal funding, according to a senior administration official.
The government is “homing in on those key cybersecurity practices that we really do believe bring a meaningful impact,” said the official, who requested anonymity to preview an upcoming policy. The official said the government expects the new requirements to take effect “before the end of the year.”