Security Leftovers
-
LWN ☛ [oss-security] The GNU C Library has been authorized by the CVE Program as a CVE Numbering Authority (CNA)
The GNU C Library (glibc) is a key part of the trusted foundation in a secure and high-quality software supply chain and is used by the GNU Toolchain, the GNU system, and many of the GNU/Linux systems today.
In an ongoing effort to improve security, the project has been authorized by the CVE Program as a CVE Numbering Authority (CNA): https://www.cve.org/Media/News/item/news/2024/02/06/GNU-C...
As a CNA the glibc security team will be working to improve the quality and response time of security advisories and mitigations.
Over the coming months, the glibc security team will define the process for the CNA and establish best practices that can also be used by the rest of the GNU Toolchain.
To receive notifications of new advisories please subscribe to the glibc announcement mailing list (libc-announce): https://sourceware.org/mailman/listinfo/libc-announce
Advisories are published directly into the glibc git repository: https://sourceware.org/git/?p=glibc.git;a=tree;f=advisories;...
For more information please see the project security documentation: https://sourceware.org/glibc/security.html
-
LWN ☛ Glibc becomes a CVE Numbering Authority
The GNU C Library project has been accepted as a CVE Numbering Authority (CNA), meaning that the project is now in control of the CVE numbers assigned to its code.
-
LWN ☛ Security updates for Thursday
Security updates have been issued by Debian (chromium), Red Hat (gimp, kernel, kernel-rt, and runc), Slackware (expat), SUSE (libavif), and Ubuntu (linux, linux-aws, linux-aws-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gkeop, linux-gkeop-5.15, linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-kvm, linux-lowlatency-hwe-5.15, linux-nvidia, linux-oracle, linux-oracle-5.15, linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-bluefield, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-iot, linux-kvm, linux-oracle, linux-oracle-5.4, linux-xilinx-zynqmp, and linux, linux-aws, linux-gcp, linux-hwe-6.5, linux-laptop, linux-lowlatency, linux-lowlatency-hwe-6.5, linux-oem-6.5, linux-oracle, linux-raspi, linux-starfive).
-
Navigating the Complexities of Linux Security: A Comprehensive Guide
With increasingly sophisticated cyber attacks constantly targeting almost everyone these days, Linux security stands as a paramount concern for businesses and individual users alike. But how can companies protect themselves?
To give a broad overview of core concepts of protecting Linux-based systems, we’ve put together this comprehensive guide. By reading this guide, you’ll gain an understanding of the critical aspects of Linux security, including essential topics such as user management, network design, and system updates – enabling you to fortify your Linux environment against evolving threats.
Let’s get started.
-
Ubuntu Kernel Updates Patch Multiple Linux Kernel Vulnerabilities
The Ubuntu security team has recently released Ubuntu kernel updates to address several high-severity Linux kernel vulnerabilities. The affected operating systems include Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, Ubuntu 23.10, Ubuntu 18.04 ESM, and Ubuntu 16.04 ESM. In this article, we will explore the details of the updates, highlighting key security issues that have been resolved and the overall impact on Ubuntu systems.
-
MontaVista Secures Supply Chain for Enterprise Linux
San Jose, California. MontaVista Software, LLC introduced its Zero Trust and Secure-by-Design features for the MVShield and MVSecure line of products to secure the entire Software Supply Chain for Enterprise Linux/MVShield applications such as radio and core networking, Intelligent Edge, network and application security appliances, and more.
-
Security Week ☛ Fortinet Patches Critical Vulnerabilities in FortiSIEM
Two critical OS command injection flaws in FortiSIEM could allow remote attackers to execute arbitrary code.
-
Scoop News Group ☛ Microsoft: Iran is refining its cyber operations [Ed: Microsoft trying to distract from its own fault]
Stepped up coordination among Iranian cyber actors may improve their ability to hit U.S. critical infrastructure, Abusive Monopolist Microsoft researchers say.
-
Phishception – SendGrid is abused to host phishing attacks impersonating itself
Netcraft has recently observed that criminals abused SendGrid’s services to launch a phishing campaign impersonating SendGrid itself. The well-known provider, now owned by Twilio, makes sending emails at scale simple and flexible. In addition to scale, the promise of high deliverability and feature-rich tools make SendGrid a sought-after service for legitimate businesses and a likely target for criminals.
The campaign observed uses a variety of complex lures, such as claiming the victim’s account has been suspended while its sending practices are reviewed or that the victim’s account is marked for removal due to a recent payment failure, combined with other SendGrid features to mask the actual destination of any malicious links.
-
SANS ☛ Anybody knows that this URL is about...
Yesterday, I noticed a new URL in our honeypots: /v5/device/heartbeat.
-
Security Week ☛ JetBrains Patches Critical Authentication Bypass in TeamCity
JetBrains releases patches for a critical-severity TeamCity authentication bypass leading to remote code execution.
-
Data Breaches ☛ Verizon insider data breach affects over 63,000 employees
Bleeping Computer reports that Verizon has notified the Maine Attorney General’s Office of an insider data breach affecting 63,206 employees.
According to their sample notice of what was sent to those affected, an employee gained unauthorized access to employee data on September 21, 2023, although Verizon didn’t discover the problem until December. The types of information involved included name, address, Social Security number or other national identifier (if available), gender, union affiliation (if applicable), date of birth, and compensation information of the affected employees.
-
Security Week ☛ Verizon Says Data Breach Impacted 63,000 Employees
Verizon is notifying 63,206 employees that their personal information was exposed in an internal data breach.
-
Security Week ☛ US Says China’s Volt Typhoon Hackers ‘Pre-Positioning’ for Cyberattacks Against Critical Infrastructure
New CISA alert includes technical mitigations to harden attack surfaces and instructions to hunt for the Chinese government-backed hackers.
-
The Age AU ☛ Hundreds of Jewish creatives have names, details taken in leak, published online
Anti-Zionist activists have published the names, images, professions and social media accounts of hundreds of Jewish people working in academia and creative industries, in an escalation of social tensions over the October 7 attacks and subsequent war in Gaza.
The dissemination of almost 600 names and their personal details was taken from the purported membership of a private WhatsApp Group formed last year by Jewish writers, artists, musicians and academics.
-
Major Data Breach in Thailand Exposes Personal Data of 20 Million Elderly Citizens
In a massive breach of digital trust, personal information of nearly 20 million elderly Thai citizens was leaked from the Department of Older Persons (DOP) under the Ministry of Social Development and Human Security in Thailand. This alarming incident was initially reported by Los Angeles-based cybersecurity firm, Resecurity, on January 22, and later confirmed by Anukul Peedkaew, the permanent secretary of social development and human security.
The data breach involved a staggering 19,718,687 rows of personally identifiable information (PII) including sensitive details such as names, ID card numbers, phone numbers, emails, salaries, and personal photographs. The breach has already resulted in at least 14 cases of cybercrime, with the origin of the breach still unidentified.
-
Data Breaches ☛ Protect Good Faith Security Research Globally in Proposed UN Cybercrime Treaty
Our community, which includes good faith security researchers in academia and cybersecurity companies, as well as those working independently, plays a critical role in safeguarding information technology systems. We identify vulnerabilities that, if left unchecked, can spread malware, cause data breaches, and give criminals access to sensitive information of millions of people. We rely on the freedom to openly discuss, analyze, and test these systems, free of legal threats.
-
US Dept Of State ☛ Reward Offers for Information to Bring Hive Ransomware Variant Co-Conspirators To Justice
Today, the Department of State is announcing a reward offer of up to $10,000,000 for information leading to the identification and/or location of any individual(s) who hold a key leadership position in the Hive ransomware variant transnational organized crime group. In addition, we are also announcing a reward of up to $5,000,000 for information leading to the arrest and/or conviction of any individual in any country conspiring to participate in or attempting to participate in Hive ransomware activity.