Security Leftovers
-
Security Week ☛ Chrome 122, Firefox 123 Patch High-Severity Vulnerabilities
Google and Mozilla resolve high-severity memory safety vulnerabilities with the latest Chrome and Firefox updates.
-
Security Week ☛ Redis Servers Targeted With New ‘Migo’ Malware [Ed: At least this article, unlike others, does not blame "Linux"]
Attackers weaken Redis instances to deploy the new Migo malware and install a rootkit and cryptominers.
-
LinuxSecurity ☛ Cryptocurrency Mining Migo Malware Attacks GNU/Linux Redis Servers
A new malware dubbed "Migo" that is targeting GNU/Linux Redis servers to mine cryptocurrency via a cryptojacking attack has been discovered. This campaign employs many Redis system-weakening commands to potentially disable data store security features that could hinder their initial attempts at access.
-
Security Week ☛ Diversifying Defenses: FjordPhantom Malware Shows Importance of a Multi-Pronged Approach
Security teams need to combine the angles of client-side and server-side detection in order to have the best chance of mitigating the risk of advanced mobile malware.
-
Krebs On Security ☛ New Leak Shows Business Side of China’s APT Menace
A new data leak that appears to have come from one of China’s top private cybersecurity firms provides a rare glimpse into the commercial side of China’s many state-sponsored hacking groups. Experts say the leak illustrates how Chinese government agencies increasingly are contracting out foreign espionage campaigns to the nation’s burgeoning and highly competitive cybersecurity industry.
-
Integrity/Availability/Authenticity
-
Bruce Schneier ☛ Details of a Phone Scam
First-person account of someone who fell for a scam, that started as a fake Amazon service rep and ended with a fake CIA agent, and lost $50,000 cash. And this is not a naive or stupid person.
-
SANS ☛ Phishing pages hosted on archive.org, (Wed, Feb 21st)
The Internet Archive is a well-known and much-admired institution [...] which is hosted on https://archive.org/, one can view archived historical web pages from as far back as 1996.
-
Silicon Angle ☛ CrowdStrike warns of surge in adversaries using stolen credentials to exploit cloud environments
A new report released today by CrowdStrike Holdings Inc. warns of a surge in adversaries leveraging stolen identity credentials to exploit gaps in cloud environments and to maximize the stealth, speed and impact of cyberattacks.
-
SANS ☛ Friend, foe or something in between: The grey area of 'security research', (Thu, Feb 22nd)
-
Windows TCO
-
The Register UK ☛ US pharmacies downed by 'cyber security issue'
UnitedHealth just told the stock market, via America's securities watchdog, that a "suspected nation-state associated cyber security threat actor" is responsible for the attack on its systems this week, and that this person gained access to parts of Change's IT environment.
-
Zimbabwe ☛ Malawi unable to print passports, as hackers take over immigration system. Or not!
President Lazarus Chakwera said this week that Malawi’s immigration system, used for passport printing, was hacked and remains under hacker control. Consequently, the country is unable to issue passports to its citizens.
President Chakwera, in a statement to parliament, confirmed the hacking but did not disclose the hackers’ identity. He added that they are demanding a ransom in exchange for relinquishing control of the system. The ransom amount remains unclear.
-
NL Times ☛ 147 ransomware attacks on large Dutch companies, institutions last year; 18% paid ransom
It is only recently that law enforcement and the security industry have started sharing information about ransomware attacks. The Melissa collaborative project was set up for this purpose last year, in which the Public Prosecution Service, the National Cybersecurity Center, and Cyberveilig Nederland also participate.
The figures only include reports from companies with over 100 employees. According to forensic expert Willem Zeeman of Fox-IT, one of the affiliated security companies, they provide a clear picture of the scale of the attacks for the first time, although the real figures are probably higher. “Not all companies report an attack for fear of reputational damage.”
-
Cyble Inc ☛ LockBit Takedown: Why Paying Ransomware Won't Save You
The cybersecurity community was rocked by a massive event when LockBit Ransomware, once a powerful domain, suddenly changed, displaying flags of nations united against cybercrime. On February 20, 2024, the Department of Justice, working with law enforcement agencies worldwide, dealt a major blow to LockBit’s illegal operations.
In a decisive move, authorities targeted one of the world’s biggest ransomware groups, taking control of its systems and capturing key members.
-