Security Leftovers
-
LWN ☛ Security updates for Tuesday
Security updates have been issued by Fedora (clamav and virtiofsd), Oracle (gimp), Red Hat (gnutls and nss), SUSE (kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-t and squid), and Ubuntu (openssl).
-
LWN ☛ [PATCH] Documentation: Document the Linux Kernel CVE process
The Linux kernel project now has the ability to assign CVEs to fixed issues, so document the process and how individual developers can get a CVE if one is not automatically assigned for their fixes.
-
LWN ☛ The kernel becomes its own CNA
Greg Kroah-Hartman has announced that the kernel project has been accepted as a CVE numbering authority (CNA).
-
eSecurity Planet ☛ VulnRecap 2/12/24: Ivanti, JetBrains, Fortinet, Linux Issues [Ed: This is a Microsoft issue ('secure' boot), inherited by 'Linux' because of Microsoft saboteurs]
This week saw some repeat products from previous vulnerability recaps, such as Ivanti Policy Secure and JetBrains TeamCity servers. One of the most notable vulnerabilities for this week is Fortinet’s critical FortiOS issue, which affects Fortinet products that use the affected versions of the network operating system. Make sure your security teams consistently check vendor bulletins for vulnerability announcements so your business can stay on top of all threats.
[...]
The problem: Linux distributions have seen a new vulnerability, a remote code execution in the Shim software Secure Boot process. This code exists in all software that uses Secure Boot, like SUSE, Red Hat, and Debian. The RCE vulnerability is tracked as CVE-2023-40547 and has a severity rating of 8.3. This is not to be confused with last week’s heap-based buffer overflow vulnerability.
-
The Register UK ☛ DNSSEC vulnerability puts big chunk of the internet at risk
-
Windows TCO
-
Cyberattack shuts down Colorado public defender’s office
A cyberattack on the Office of the Colorado State Public Defender forced the agency to shut down its computer network, locking public defenders across the state out of critical work systems and prompting attorneys to seek delays in their court cases.
Office spokesman James Karbach confirmed the breach in a statement Monday, saying officials “recently became aware that some data within our computer system was encrypted by malware.”
-
CyberRisk Alliance LLC ☛ Rhysida ransomware decryptor publicly released
A Rhysida ransomware decryption tool has been publicly released and detailed in a preprint paper by South Korean researchers Friday.
The Rhysida decryptor takes advantage of a vulnerability in the ransomware’s encryption process, enabling the process to be reverse engineered to recover files.
The researchers from Kookmin University and the Korea Internet & Security Agency (KISA) developed a method to predict the encryption keys generated by Rhysida as well as the order in which the malware encrypts files.
-
The Register UK ☛ Korean eggheads crack Rhysida ransomware and release free decryptor tool
The Rhysida malware, once on a victim's Windows PC, locates the documents it wishes to scramble, compiles them into a list, and fires up some simultaneous threads to perform that encryption. Each thread picks the next file on its todo pile to process, and uses the CSPRNG to generate a key to encrypt that document using the standard AES-256 algorithm. The key is stored in the scrambled file albeit encrypted using a hardcoded RSA public key. You'll need the private half of that RSA key pair to recover the file's AES key and unscramble the data.
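The scheme the two Rhysida items above describe (a fresh AES-256 key per file, wrapped with a hard-coded RSA public key and stored beside the scrambled data, with keys drawn in file-processing order) and the decryptor's way around it (predict the keys and the order rather than attack RSA), as an added Go example. This is not code from the page, from the Kookmin/KISA researchers' tool, or from Rhysida itself. It assumes a hypothetical generator seeded from a Unix timestamp, so that the whole key stream is fixed by a small seed: the page says the keys were predictable, not how, so the weak generator only stands in for that class of flaw. The file layout, the cleartext CTR IV, the sample file contents and the attack timestamp are all constructed for the example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
	mrand "math/rand"
)

// EncryptedFile is the layout the article describes: the AES key, wrapped with the
// operators' hard-coded RSA public key, travels with the scrambled data. A cleartext IV is this example's assumption.
type EncryptedFile struct {
	WrappedKey, IV, Ciphertext []byte
}

// weakKeyStream is a hypothetical stand-in for the flawed generator: every byte it
// emits is fixed by a small seed (a Unix timestamp here). The page says the keys
// were predictable, not how, so this models the flaw class, not Rhysida's own code.
func weakKeyStream(seed int64) func(n int) []byte {
	r := mrand.New(mrand.NewSource(seed))
	return func(n int) []byte {
		out := make([]byte, n)
		r.Read(out) // deterministic for a given seed and call sequence
		return out
	}
}

// ctr applies AES-256-CTR; the same call encrypts and decrypts.
func ctr(key, iv, in []byte) []byte {
	block, _ := aes.NewCipher(key) // cannot fail: every key here is 32 bytes
	out := make([]byte, len(in))
	cipher.NewCTR(block, iv).XORKeyStream(out, in)
	return out
}

// EncryptRun plays one ransomware thread: seed once, then draw a 32-byte key and a 16-byte IV per file, in order.
func EncryptRun(files [][]byte, seed int64, pub *rsa.PublicKey) ([]EncryptedFile, error) {
	next := weakKeyStream(seed)
	var out []EncryptedFile
	for _, plain := range files {
		key, iv := next(32), next(aes.BlockSize)
		wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil)
		if err != nil {
			return nil, err
		}
		out = append(out, EncryptedFile{WrappedKey: wrapped, IV: iv, Ciphertext: ctr(key, iv, plain)})
	}
	return out, nil
}

// RecoverRun is the decryptor's route around the RSA wrap: try every seed in the window
// during which the attack ran, accept the one that reproduces the first file's cleartext IV,
// then replay the generator over the files in their original order (a later IV mismatch means wrong order).
func RecoverRun(files []EncryptedFile, seedLo, seedHi int64) ([][]byte, error) {
	for seed := seedLo; seed <= seedHi && len(files) > 0; seed++ {
		next := weakKeyStream(seed)
		out := make([][]byte, 0, len(files))
		for i, f := range files {
			key, iv := next(32), next(aes.BlockSize)
			if !bytes.Equal(iv, f.IV) {
				if i == 0 {
					break // wrong seed, try the next one
				}
				return nil, fmt.Errorf("file %d is out of sequence: generator state mismatch", i)
			}
			out = append(out, ctr(key, iv, f.Ciphertext))
		}
		if len(out) == len(files) {
			return out, nil
		}
	}
	return nil, fmt.Errorf("no seed in the window reproduces the stored IV")
}

// Demo runs the scenario on constructed inputs: did every plaintext come back without the private key, and is a wrong order rejected?
func Demo() (recovered, wrongOrderRejected bool) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	files := [][]byte{[]byte("Q1-budget.xlsx sample"), []byte("patient-notes.docx sample"), []byte("backup.sql sample")} // constructed
	const attackTime int64 = 1707696000 // constructed timestamp of the run
	enc, err := EncryptRun(files, attackTime, &priv.PublicKey)
	if err != nil {
		panic(err)
	}
	rec, err := RecoverRun(enc, attackTime-3600, attackTime+3600) // responder only knows the hour
	recovered = err == nil && bytes.Equal(bytes.Join(rec, nil), bytes.Join(files, nil))
	_, orderErr := RecoverRun([]EncryptedFile{enc[0], enc[2], enc[1]}, attackTime-3600, attackTime+3600)
	return recovered, orderErr != nil
}

func main() {
	fmt.Println(Demo()) // true true
}
```

Two design points carry over from the article. The brute force never touches the RSA wrap: a candidate seed is confirmed against the IV stored in the clear, so no known plaintext is needed, and once the seed is known every file key falls out of the same stream. The second RecoverRun call shows why the researchers also had to reconstruct the order in which files were encrypted: handed the same files in a different sequence, the generator state no longer lines up and the replay is refused rather than silently producing garbage.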
-
Data Breaches ☛ HC3: Analyst Note: Akira Ransomware
Akira ransomware is a relatively new ransomware gang that has demonstrated aggressive and capable targeting of the U.S. health sector in its short lifespan. U.S. healthcare organizations are advised to follow the steps in this alert to minimize their risk of attack.
-
The Register UK ☛ Microsoft may have pulled support for old PCs in Win11 24H2
-