Security Leftovers
-
SJVN ☛ Linux gets into the CVE security business
We rely on Common Vulnerabilities and Exposures (CVE) bulletins to track and catalog security problems. It's the best system we have for keeping on top of security holes. Unfortunately, it doesn't work that well. The Linux kernel community is all too aware of this, so after years of debate, they've decided to take matters into their own hands regarding Linux kernel security problems.
-
SJVN ☛ CIQ Offers Long-Term Support for AWS Rocky Linux Images
People and IT companies hate change. Once they're committed to something that works well, they don't want to move to something new and potentially unstable. That's why so many companies were unhappy when Red Hat dropped traditional CentOS. Now, CIQ, whose founder Gregory Kurtzer created the popular CentOS Linux clone, Rocky Linux, has announced it's introducing long-term support (LTS) for Rocky Linux 8.6, 8.8, and 9.2 point releases on the Amazon Web Services (AWS) Marketplace.
If your enterprise prioritizes stability and security in its software infrastructure--as it should--these new LTS versions deserve your attention. These releases will provide extended life for discontinued major and minor operating system versions and maintain point release operating system life for at least two years.
-
Hunton Andrews Kurth ☛ An Update on the SEC’s Cybersecurity Reporting Rules
As we pass the two-month anniversary of the effectiveness of the U.S. Securities and Exchange Commission’s (“SEC’s”) Form 8-K cybersecurity reporting rules under new Item 1.05, this blog post provides a high-level summary of the filings made to date.
Six companies have now made Item 1.05 Form 8-K filings. Three of these companies also have amended their first Form 8-K filings to provide additional detail regarding subsequent events. The remainder of the filings seem self-contained such that no amendment is necessary, but these companies may amend at a later date. In general, the descriptions of the cybersecurity incidents have been written at a high level and track the requirements of the new rules without much elaboration. It is interesting, but perhaps coincidental, that the filings seem limited to two broad industry groups: technology and financial services. In particular, two of the companies are bank holding companies.
-
Data Breaches ☛ Lockbit takedown accompanied by some arrests and indictments
The U.S. Department of Justice unsealed indictments against two Russian men: Artur Sungatov allegedly used LockBit ransomware against victims. And Ivan Gennadievich Kondratyev, a.k.a. “Bassterlord,” allegedly used LockBit ransomware against targets in the United States and elsewhere. Kondratyev had been previously charged in a sealed indictment in New Jersey in May of 2022. This week, the government unsealed a second indictment in the Northern District of California. Neither Sungatov nor Kondratyev has been arrested. In May 2023, the U.S. unsealed indictments against two other alleged affiliates: Mikhail “Wazawaka” Matveev and Mikhail Vasiliev. The latter is in custody in Canada awaiting extradition to the U.S. And in June 2023, the U.S. announced charges against a Russian national, Ruslan Magomedovich Astamirov.
-
Data Breaches ☛ If you pay ransom, you may not get your data back and worse, you probably WILL get hit again – Cybereason Survey
Ever since ransomware attacks and “double extortion” attacks became common, law enforcement has urged victims not to pay ransom demands. Paying criminals ransom only encourages them to attack more victims, and despite criminals swearing they will delete their copy of your data that they stole, they don’t. Then, too, once you show them that you are willing to pay, you’ve made yourself more likely to be hit again.
This week, law enforcement reiterated some of the above when the NCA reported that in seizing LockBit servers, they found data from victims who had paid the ransom demands and who had been assured their data would be destroyed.
-
Data Breaches ☛ True or false, Friday law enforcement edition [Ed: LockBit3.0... should be called Windows3. The media neglects to mention the role of Windows.]
From today’s update to the LockBit3.0 blog, now under the control of law enforcement, we read claims that law enforcement knows who and where LockBitSupp is, and that he drives a Mercedes and not a Lamborghini.
Now that last bit may be enough to get a response from LockBitSupp if they’re just trolling him. But are they trolling when they claim he has engaged with law enforcement?
-
Computing UK ☛ Massive data leak exposes Chinese infosec vendor's cyberattacks-for-hire
Documents outline the use of hardware hacking devices, including a malicious power bank designed to surreptitiously upload data into victims' systems
[...]
I-Soon is a Shanghai-based company believed to be among numerous private contractors aiding the Chinese government in intelligence gathering, hacking and surveillance endeavours.
Among the trove shared on GitHub are emails, conversations, images and a plethora of documents detailing contracts and communications between I-Soon and Chinese authorities.