Security Leftovers and Windows TCO
-
LWN ☛ Security updates for Monday
Security updates have been issued by Debian (keystone and subunit), Fedora (dotnet6.0, golang, kernel, sos, and tigervnc), Mageia (erlang), Red Hat (openssl), SUSE (bluez, python-aiohttp, and seamonkey), and Ubuntu (postfix and xorg-server).
-
[Older] One Supply Chain Attack to Rule Them All – Poisoning GitHub’s Runner Images
Let’s think for a moment what a nightmare supply chain attack could be. An attack that would be so impactful that it could be chained to target almost every company in the world. For an attacker to carry out such an attack they would need to insert themselves into a component fundamental to building the largest open-source software projects on the Internet.
What would an attacker need to target in order to carry out this attack? Cloud infrastructure would certainly qualify. What about build agents? Those would certainly be impactful, and SolarWinds put that attack on the map. If an attacker wanted more, the attacker would instead need to target SaaS companies providing hosted build services. Services like GitLab CI, TravisCI, CircleCI, BuildKite, and GitHub Actions fall within this category.
-
Bloomberg ☛ [Cr]ackers Stole $7.5 Million in Grant Money From US Health Department
Hackers stole millions of dollars in grant money from the Department of Health and Human Services last year in a series of attacks, according to two people familiar with the matter.
Between late March and mid-November, the hackers gained access to an HHS system that processes civilian grant payments and withdrew about $7.5 million intended to be awarded to five accounts, said the people, who asked not to be named as the details aren’t public.
[…]
In the most recent attack, HHS determined the hackers got into the grantees’ domain email accounts and also used spearphishing emails — which are targeted at specific individuals or organizations — in order to trick US payment staff into providing access to the grantees’ accounts, the people said.
-
'Very important day for cyber security': Federal government slaps targeted sanctions on Russian cybercriminal behind 2022 Medibank Private cyber attack
In a joint press conference with the Foreign Affairs Minister, Deputy Prime Minister, and Cyber Security Minister, the Commonwealth declared it would, for the first time ever, use an autonomous cyber sanctions framework against the suspected hacker for his role in the attack which saw the private information of more than four million Australians stolen with the total number of breached records amounting to 9.7 million.