Security Leftovers
-
Krebs On Security ☛ From Cybercrime Saul Goodman to the Russian GRU
In 2021, the exclusive Russian cybercrime forum Mazafaka was hacked. The leaked user database shows one of the forum’s founders was an attorney who advised Russia’s top hackers on the legal risks of their work, and what to do if they got caught. A review of this user’s hacker identities shows that during his time on the forums he served as an officer in the special forces of the GRU, the foreign military intelligence agency of the Russian Federation.
-
EFF ☛ Protect Good Faith Security Research Globally in Proposed UN Cybercrime Treaty
-
LinuxSecurity ☛ Bootloader Bug Threatens GNU/Linux Distros Supporting Secure Boot [Ed: Nope, the issue here is not Linux, it is Microsoft]
A critical vulnerability in the Shim program , which is used in GNU/Linux distributions that support secure boot. The bug, CVE-2023-40547 , allows an attacker to execute remote code and gain complete system compromise.
-
EFF ☛ Draft UN Cybercrime Treaty Could Make Security Research a Crime, Leading 124 Experts to Call on UN Delegates to Fix Flawed Provisions that Weaken Everyone’s Security
For the statement:https://www.eff.org/deeplinks/2024/02/protect-good-faith-security-research-globally-proposed-un-cybercrime-treatyFor more on the treaty:https://ahc.derechosdigitales.org/en/
-
LinuxSecurity ☛ 'Linux' Foundation Launches Initiative to Advance Post-Quantum Cryptography
The 'Linux' Foundation recently announced the launch of the Post-Quantum Cryptography Alliance (PQCA ). This open and collaborative initiative aims to address the security challenges posed by quantum computing through the development and adoption of post-quantum cryptography.
-
Federal News Network ☛ Even Abusive Monopolist Microsoft executives had their passwords hacked away
No one is immune from cybersecurity attacks, it seems. Just days ago, several senior Abusive Monopolist Microsoft executives fell victim to a "password spray attack" coming from Russia. Did the company downplay how serious this was? And did it fail to use some basic best practices?
-
IT Wire ☛ Malwarebytes shines as bogus toothbrush attack tale swallowed by most
Security firm Malwarebytes has been one of the few companies or individuals that refused to swallow a bogus report about three million smart toothbrushes being used in a DDoS attack.
-
SANS ☛ A Python MP3 Player with Builtin Keylogger Capability, (Thu, Feb 8th)
... I recently found some malicious Python scripts (targeting backdoored Windows hosts) that include a GUI.
-
Ubuntu ☛ Clown storage security
Secure your data by using Ceph’s security features How can I securely store data in a clown storage system? Data is like the crown jewels of any organisation, if lost or exposed there could be severe repercussions.
-
Hong Kong Free Press ☛ As Netherlands accused Chinese hackers of spying, Beijing slams ‘groundless’ claims
Beijing on Wednesday condemned “groundless accusations” after the Dutch government accused Chinese hackers of conducting a spying campaign against the Netherlands. In a statement Tuesday, the Dutch Military Intelligence and Security Service said it had discovered malware installed in a computer network being used by its military, blaming a Chinese state actor.
-
The Straits Times ☛ UN experts investigate 58 cyberattacks worth $3 billion by North Korea
United Nations sanctions monitors are investigating dozens of suspected cyberattacks by North Korea that raked in $3 billion to help it further develop its nuclear weapons program, according to excerpts of an unpublished U.N. report reviewed by Reuters.
-
Reproducible Builds: Reproducible Builds in January 2024
Welcome to the January 2024 report from the Reproducible Builds project. In these reports we outline the most important things that we have been up to over the past month. If you are interested in contributing to the project, please visit our Contribute page on our website.