Security Leftovers
-
Security updates for Friday
Security updates have been issued by Debian (fontforge), Fedora (chromium, iwd, libell, and thunderbird), Oracle (buildah, kernel, skopeo, and tomcat), Red Hat (opencryptoki), Slackware (ghostscript), SUSE (go1.21, go1.22, google-oauth-java-client, jetty-minimal, openssl-1_0_0, python310, sudo, wpa_supplicant, and xmlgraphics-batik), and Ubuntu (libhtmlcleaner-java, linux, linux-azure, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gkeop, linux-gkeop-5.15, linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-lowlatency-hwe-5.15, linux-nvidia, linux-azure, linux-azure-6.5, linux-hwe-6.5, mqtt-client, ncurses, and puma).
-
LinuxSecurity ☛ Docker, Hadoop, Confluence, Redis at Risk of New Cryptomining Attack [Ed: At least this one does not blame "Linux"]
A recent attack campaign targeted publicly accessible Docker, Hadoop, Confluence, and Redis deployments. The attackers exploited misconfigurations and known vulnerabilities to implant cryptominers on compromised systems. As GNU/Linux admins, infosec professionals, Internet security enthusiasts, and sysadmins, it is crucial to understand the implications of this attack and take appropriate measures to protect our systems.
-
LinuxSecurity ☛ It's Time to Add Some GUAC to Open-Source Supply Chain Security!
Integrating the Graph for Understanding Artifact Composition (GUAC) in the open-source security framework has tremendous potential to improve software supply chain security. GUAC is an initiative introduced by Google, Kusari, Purdue University, and Citi that aggregates software security metadata into a high-fidelity graph database.
-
Trail of Bits ☛ Out of the kernel, into the tokens
We’re digging up the archives of vulnerabilities that Trail of Bits has reported over the years. This post shares the story of two such issues: a denial-of-service (DoS) vulnerability hidden in JSON Web Tokens (JWTs), and an oversight in the Linux kernel that could enable circumvention [...]
-
Emerging Trends in Embedded Linux IoT Security
Embedded Linux systems play a pivotal role in powering a wide array of devices, from smart home gadgets to industrial machinery. Numerous applications, such as Internet of Things (IoT) devices, industrial control systems, automotive systems, medical equipment, and more, use these embedded systems. As IoT devices become increasingly prevalent, securing connected devices is a critical challenge. In this article, we’ll look at the latest trends in embedded Linux IoT security and how they are shaping the future of cybersecurity.
-
41 State Attorneys General tell Meta to do better in preventing and mitigating account takeovers
A coalition of state attorneys general have sent a letter to Meta asking them to do more to help users whose accounts have been hacked or taken over.
-
Canada ☛ Hamilton’s ransomware attack, week two: What we know and what we don’t
On Feb. 25, a sprawling cyberattack hit the City of Hamilton’s digital network, disrupting phone lines, emails, and databases the municipality uses every day.
The crisis is almost two weeks old, and the city remains largely locked out of its systems. Phone lines remain down, council meetings have been postponed, registration to recreation programs is suspended, and childhood vaccination efforts are delayed, among other issues. There is no clear picture as to when the city will be back up and running normally.
Although the city has provided some updates on affected services and the nature of the cyber attack, much of it has been shrouded in secrecy, with officials citing security concerns for not sharing details with the public.
-
Indiana Attorney General Files Suit Against Apria Healthcare
Attorney General Todd Rokita is filing a lawsuit on behalf of the people of Indiana against Apria Healthcare LLC for a massive data breach that impacted at least 42,000 Hoosiers and 1.8 million people nationwide.
Apria is a provider of home healthcare equipment and related services across the United States. Apria provides medical equipment to over 2 million patients across 270 locations, including Indiana.
“Patients should be able to trust their medical providers at all times,” Attorney General Rokita said. “All Hoosier patients deserve their privacy, especially when it comes to medical care.”
-
System Status Note
Yesterday, DataBreaches.net was hit with a massive DDoS attack that also affected PogoWasRight.org.
DataBreaches.net is now back online: all the posts are back up, and media files are in the process of being reuploaded. PogoWasRight will be back online by the end of tomorrow.
Thank you to everyone who reached out to me because they missed reading DataBreaches.net and wanted to know what was going on. And special thanks to those who reached out to offer their help and skills. You are greatly appreciated.
-
Information Security Media Group, Corporation ☛ Banning Ransom Payments: Calls Grow to ‘Figure Out’ Approach
How might banning ransomware victims from paying a ransom to their attacker work in practice?
As ransomware groups are causing massive damage and disruption and showing no signs of stopping, Ciaran Martin, the former head of Britain’s National Cyber Security Center, said “it’s time to figure out how to make a ransomware payments ban work.”
Writing in a recent London Times op-ed, he emphasized that while governments need to start finding answers to this question, bans shouldn’t be immediate. “Note: I said how to make a ban work,” said Martin, who’s now a professor of practice at Oxford University. “We’re not ready for one tomorrow. But we’re not trying to get ready either.”
-
Finextra Research ☛ UniCredit hit with £2.3 million fine for data breach
UniCredit, Italy’s second-largest bank, has been fined €2.8 million (£2.3 million) by the country’s data protection authority over a 2018 data breach case.
The 2018 cyber attack on the bank’s mobile banking platform impacted the data of over 750,000 customers. The sanction, announced on Thursday, is a reminder that “banks must take all necessary technical and organisational and security measures to prevent their customers’ data from being unlawfully stolen,” the authority commented.
The 2018 breach was no outlier for UniCredit.