Security Leftovers

posted by Roy Schestowitz on Jan 27, 2024

• LWN ☛ Security updates for Friday

  Security updates have been issued by Debian (xorg-server), Fedora (chromium, dotnet8.0, firefox, freeipa, and thunderbird), Red Hat (avahi, c-ares, curl, edk2, expat, freetype, frr, git, gnutls, grub2, kernel, kernel-rt, libcap, libfastjson, libssh, libtasn1, libxml2, linux-firmware, ncurses, oniguruma, openssh, openssl, perl-HTTP-Tiny, protobuf-c, python-urllib3, python3, python3.9, rpm, samba, shadow-utils, sqlite, tcpdump, tomcat, and virt:rhel and virt-devel:rhel modules), SUSE (cpio, jasper, rear23a, thunderbird, and xorg-x11-server), and Ubuntu (jinja2, kernel, linux, linux-aws, linux-aws-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gkeop, linux-gkeop-5.15, linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-kvm, linux-lowlatency-hwe-5.15, linux-raspi, linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-iot, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4, linux-xilinx-zynqmp, linux, linux-aws, linux-aws-6.2, linux-azure, linux-azure-6.2, linux-azure-fde-6.2, linux-gcp, linux-hwe-6.5, linux-laptop, linux-lowlatency, linux-lowlatency-hwe-6.5, linux-oem-6.5, linux-oracle, linux-raspi, linux-starfive, linux, linux-aws, linux-aws-hwe, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux, linux-aws, linux-kvm, linux-lts-xenial, linux-aws, linux-azure, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15, linux-oem-6.1, and mariadb, mariadb-10.3, mariadb-10.6). />

• Weekly Blog Wrap-Up (January 22- January 25, 2023)

  Welcome to the TuxCare Weekly Blog Wrap-Up – your go-to resource for the latest insights on cybersecurity strategy, Linux security, and how to simplify the way your organization protects its data and customers.

  At TuxCare, we understand the importance of safeguarding your valuable data and ensuring the smooth operation of your Linux infrastructure. That’s why our team of Linux and open-source experts is dedicated to providing you with the most up-to-date information, Linux tips, and patch management solutions.

  In each edition of our Weekly Blog Wrap-Up, you’ll get a short breakdown of all our informative and thought-provoking blog posts from the past week. Whether you’re seeking expert insights into Linux security best practices, practical tips to optimize your system performance, or comprehensive strategies to streamline patch management, you’ll find it all here!

• EIN Presswire ☛ ANY.RUN Launches Interactive Linux Malware Analysis Platform

  ANY.RUN, a cybersecurity company developing an interactive sandbox analytical platform for malware researchers, processes hundreds of thousands of tasks each month. This high volume of tasks not only showcases the robustness of ANY.RUN's platform but also emphasizes the crucial need for Linux malware analysis. The attractiveness of Linux as a target for hackers, coupled with the increasing sophistication of Linux malware, makes comprehensive analysis imperative in the ever-evolving landscape of cybersecurity.

• 23andMe’s data hack went unnoticed for months

  In late 2023, genetic testing company 23andMe admitted that its customer data was leaked online. A company representative told us back then that the bad actors were able to access the DNA Relatives profile information of roughly 5.5 million customers and the Family Tree profile information of 1.4 million DNA Relative participants. Now, the company has revealed more details about the incident in a legal filing where it said that the hackers started breaking into customer accounts in late April 2023. The bad actors’ activities went on for months and lasted until September 2023 before the company finally found out about the security breach.

• CSO ☛ Zero-day, supply-chain attacks drove data breach high for 2023

  A new record for data breaches reported to the Identity Theft Resource Center (ITRC) was set in 2023, spurred by zero-day and supply chain attacks, according to the organization’s annual data breach report released Thursday. The report noted that the number of data compromises in 2023 jumped 78% over 2022, to 3,205 from 1,801 and exceeded, by 72%, the previous high of 1,860 breaches recorded in 2021.

• National Law Review US ☛ Looking Ahead to the FTC’s Implementation of the Data Breach Notification Rule for Nonbanking Financial Institutions

  Beginning on May 13, 2024, nonbanking “financial institutions” must notify the Federal Trade Commission (“FTC”) within 30 days of discovering a data breach involving the nonpublic personal information of at least 500 consumers. These covered organizations can include a wide variety of companies that engage in financial activities but that are not directly regulated by federal banking regulators, including automobile dealerships, higher educational institutions participating in federal student financial aid programs, mortgage lenders or brokers, tax preparation firms, travel agencies, and others. These organizations are already required to implement certain information security protections pursuant to the FTC’s Safeguards Rule. The FTC’s new data breach notification requirement will provide the FTC with a critical tool to ensure that organizations are properly safeguarding consumer data.

• Data Breaches ☛ HHS Releases New Voluntary Performance Goals to Enhance Cybersecurity Across the Health Sector and Gateway for Cybersecurity Resources

  Today, the U.S. Department of Health and Human Services (HHS), through the Administration for Strategic Preparedness and Response (ASPR), is releasing voluntary health care specific cybersecurity performance goals (CPGs) and a new gateway website to help Health Care and Public Health (HPH) sector organizations implement these high-impact cybersecurity practices and ease access to the plethora of cybersecurity resources HHS and other federal partners offer.

• PHP-less phishing kits that can run on any website

  Criminals can now deploy phishing sites on any type of web server, even when commonly used server-side technologies such as PHP are not supported.

  Phishing kits are predominantly implemented in PHP, as this provides the server-side functionality required to store and transmit stolen credentials without publicly revealing where they are being sent.

  PHP is a widely used platform and is often supported on low-cost or compromised hosting platforms. Consequently, very few phishing kits are implemented in any other server-side language. For example, only a very small number of phishing kits have even been written in ASP.NET to run on Abusive Monopolist Microsoft web servers.