Security Leftovers
-
LWN ☛ Security updates for Friday
Security updates have been issued by Fedora (chromium, golang-github-facebook-time, podman, and xorg-x11-server-Xwayland), Oracle (.NET 6.0, java-1.8.0-openjdk, java-11-openjdk, and python3.11-cryptography), Red Hat (java-11-openjdk, python-requests, and python-urllib3), SUSE (chromium, kernel, libcryptopp, libuev, perl-Spreadsheet-ParseExcel, suse-module-tools, and xwayland), and Ubuntu (filezilla and xerces-c).
-
IT Pro ☛ Four-in-ten employees sacked over email security breaches as firms tackle “truly staggering” increase in attacks
Nearly half of workers responsible for email security breaches over the last year have been sacked, according to new research, as cyber leaders begin taking a tougher stance amid a surge in attacks.
Research from cyber security firm Egress found that 94% of organizations globally have experienced a serious email security incident in the past 12 months.
The acceleration of email-based security threats, researchers said, has cyber security leaders “stressed about risks” and has prompted practitioners to impose harsh consequences on staff who fall prey to attackers.
-
Data Breaches ☛ Raptor Technologies’ unsecured blob exposure was worse than they acknowledged. Here’s what we know — and don’t know — so far.
But as DataBreaches noted, there was even more to this concerning leak than had been known by Fowler, vpnMentor, or WIRED. DataBreaches had been contacting Raptor Technologies weeks before Fowler reached out to them about their leak after another researcher had alerted DataBreaches to it in early November. But Raptor Technologies never acknowledged the multiple attempts at responsible disclosure in early December, never secured their blob at the time, and then issued a factually inaccurate statement to WIRED about their investigation that claimed, “There is no indication at this time that any such data was accessed by third parties beyond the cybersecurity researcher and Raptor Technologies personnel,” he says, adding there is no reason to believe there has been any misuse of the information.”
[...]
Raptor Technologies needs to answer the questions DataBreaches put to them. So do Ann Arbor Public Schools and Angell Elementary School District, for that matter. And school districts using Raptor’s services should attempt to verify Raptor’s claims to them about whether their data was accessed or not.
-
Computer Weekly ☛ Kaspersky shares Pegasus spyware-hunting tool [Ed: And why trust a tool from Moscow any more than Pegasus? Or NSO Group?]
Kaspersky has developed a way of easily exposing the presence of Pegasus spyware on iOS devices and believes its methodology may also help users identify other such surveillance malware.
-
CISA
-
CISA ☛ 2024-01-18 [Older] Atlassian Releases Security Updates for Multiple Products
-
CISA ☛ 2024-01-18 [Older] Citrix Releases Security Updates for NetScaler ADC and NetScaler Gateway
-
CISA ☛ 2024-01-18 [Older] Drupal Releases Security Advisory for Drupal Core
-
CISA ☛ 2024-01-17 [Older] VMware Releases Security Advisory for Aria Operations
-
CISA ☛ 2024-01-18 [Older] CISA Adds One Known Exploited Vulnerability to Catalog
-
CISA ☛ 2024-01-18 [Older] CISA Releases One Industrial Control Systems Advisory
-
CISA ☛ 2024-01-18 [Older] Incident Response Guide for the WWS Sector
-
CISA ☛ 2024-01-18 [Older] Oracle Releases Critical Patch Update Advisory for January 2024
-
CISA ☛ 2024-01-18 [Older] AVEVA PI Server
-
CISA ☛ 2024-01-17 [Older] CISA Adds Three Known Exploited Vulnerabilities to Catalog
-
CISA ☛ 2024-01-16 [Older] CISA Adds One Known Exploited Vulnerability to Catalog
-
CISA ☛ 2024-01-16 [Older] CISA and FBI Release Known IOCs Associated with Androxgh0st Malware
-
CISA ☛ 2024-01-16 [Older] CISA Releases Two Industrial Control Systems Advisories
-
CISA ☛ 2024-01-16 [Older] SEW-EURODRIVE MOVITOOLS MotionStudio
-
CISA ☛ 2024-01-16 [Older] Integration Objects OPC UA Server Toolkit
-
Windows TCO
-
Data Breaches ☛ German security researchers at risk of prosecution for “hacking” because of a plain text hardcoded password?
When he checked that MySQL connection, he realized that the database contained data belonging to not merely his client but all of the vendor’s customers. So he immediately informed the vendor – and while they fixed this vulnerability they also pressed charges.
-
The Register UK ☛ IT consultant fined for daring to expose shoddy security [Ed: MSConnect.exe means Windows TCO]
Back in June 2021, according to our pals at Heise, a contractor identified elsewhere as Hendrik H. was troubleshooting software for a customer of IT services firm Modern Solution GmbH. He discovered that the Modern Solution code made a MySQL connection to a MariaDB database server operated by the vendor. It turned out the password to access that remote server was stored in plain text in the program file MSConnect.exe, and opening it in a simple text editor would reveal the unencrypted hardcoded credential.
-
Data Breaches ☛ Primary Health & Wellness Center, LLC’s public notice of ransomware incident [Ed: Remote Desktop means Windows TCO]
Upon information and belief, the threat actor variant was Phobos, and the threat actor was able to encrypt the server through remote desktop.
The remote access was disabled and secured, and no further vulnerabilities were identified. Following examination, no definitive indicators of exfiltration of patient data or protective health information were observed. In addition, threat actors utilizing the Phobos ransomware are not known to exfiltrate patient data.
-