Security: Linux, Microsoft, and more
-
QSB-100: Incorrect handling of PCI devices with phantom functions (XSA-449)
We have published Qubes Security Bulletin 100: Incorrect handling of PCI devices with phantom functions (XSA-449). The text of this QSB and its accompanying cryptographic signatures are reproduced below. For an explanation of this announcement and instructions for authenticating this QSB, please see the end of this announcement.
-
GamingOnLinux ☛ Qualys discovers glibc flaw that could enable attackers to gain full root access
Well, here's another reminder to keep your PC up to date. Despite Linux being known for security, it's not perfect (no software is) and researchers at Qualys have discovered multiple vulnerabilities in the GNU C Library.
-
Unix Men ☛ The Best Kali Linux Tools for Beginners and Experts
Here’s a shortlist of 20 of the best tools available on Kali Linux.
-
Unix Men ☛ Maximizing Your Security on Google Cloud: Essential Tips with Linux and Unix Integration
In this article, we’ll discuss how you can maximize security on the Google Cloud platform with common data protection practices, including considerations for Linux and Unix environments. By following these steps and best practices, you can ensure operational security in Google Cloud, making it safer for all users, including those familiar with Linux and Unix systems. Let’s dive into what should be prioritized in Google Cloud security, with an integration of Linux and Unix context.
-
SANS ☛ What did I say to make you stop talking to me, (Tue, Jan 30th)
We use Cowrie to emulate an SSH and Telnet server for our honeypots.
-
Sentinel One ☛ Microsoft’s Dangerous Addiction To Security Revenue
I have seen this fundamental problem in multiple investigations, including the one that Microsoft worked so hard to label as the Solarwinds Incident*: AzureAD is overly complex, and lacks a UX that allows for administrators to easily understand the web of security relationships and dependencies that attackers are becoming accustomed to exploiting.
In many organizations, AzureAD is deployed in hybrid mode, which combines the vulnerability of cloud (external password sprays) and on-premises (NTLM, mimikatz) identity technologies in a combination that smart attackers utilize to bounce between domains, escalate privilege and establish persistence.
Calling this a “legacy” tenant is a dodge; this system was clearly configured to allow for production access as of a couple of weeks ago, and Microsoft has an obligation to secure their legacy products and tenants just as well as ones provisioned today. It’s not clear what they mean by “legacy”, but whatever Microsoft’s definition it is likely to be representative of how thousands of their customers are utilizing their products.
Microsoft does, however, offer all of us some solution…
-
WordPress ☛ WordPress 6.4.3 – Maintenance and Security release
This security and maintenance release features 5 bug fixes on Core, 16 bug fixes for the Block Editor, and 2 security fixes. Because this is a security release, it is recommended that you update your sites immediately. Backports are also available for other major WordPress releases, 4.1 and later.
-
Security Week ☛ 1.5 Million Affected by Data Breach at Insurance Broker Keenan & Associates
Insurance brokerage firm Keenan & Associates says personal information was stolen in an August 2023 cyberattack.
-
APNIC ☛ Credential stuffing and SIM swaps
The ‘stuffing’ part refers to using stolen login credentials from one website on another, using the assumption they’re probably reused identity and password details. Nowadays, it’s common to use keystores, either browser embedded or in the operating system (like the OSX Keychain) or in a third-party product like LastPass, 1Password, or Bitwarden (my particular keystore of choice, on OSX and Android), but it’s obviously not common enough.
-
Security Week ☛ US Disrupted Chinese Hacking Operation Aimed at Critical Infrastructure: Report
US government reportedly disabled parts of a botnet-powered cyber campaign conducted by the Chinese threat actor Volt Typhoon.
-
Security Week ☛ US Lawmakers Introduce Farm and Food Cybersecurity Act
New bipartisan, bicameral legislation aims to improve cybersecurity protections within the food and agriculture sector.
-
Security Week ☛ Juniper Networks Patches Vulnerabilities in Switches, Firewalls
A high-severity flaw in the J-Web interface of Juniper’s Junos OS could lead to arbitrary command execution, remotely.
-
Security Week ☛ Data of 750 Million Indian Mobile Subscribers Sold on Hacker Forums
A massive database containing the information of 85% of the Indian population has emerged on the dark web.
-
Scoop News Group ☛ Cyberattacks on state and local governments rose in 2023, says CIS report