Security and Windows TCO Leftovers

posted by Roy Schestowitz on Mar 31, 2024

• Security Week ☛ In Other News: Airline Privacy Review, SEC’s SolarWinds Hack Probe, Fashion Company Apple MFA Bombing

  Noteworthy stories that might have slipped under the radar: US government conducting airline privacy review, SEC’s overreaching SolarWinds hack probe, MFA bombing of Fashion Company Apple users.

• Kernel Space

  • [Repeat]The Register UK ☛ Easy privilege escalation exploit lands for Linux kernels

    The vulnerability is tracked as CVE-2024-1086. It is rated 7.8 out of 10 in terms of CVSS severity. It was patched at the end of January, updates have been rolling out since then, and if you haven't yet upgraded your vulnerable kernel and local privilege escalation (LPE) is a concern, take a closer look at this thing.

Windows TCO

• [Old] British Library ☛ British Library website updates

  We're continuing to experience a major technology outage as a result of a cyber-attack. Our buildings are open as usual, however, the outage is still affecting our website, online systems and services, as well as some onsite services. This is a temporary website, with limited content outlining the services that are currently available, as well as what's on at the Library.

• [Old] British Library ☛ Cyber incident update

  We anticipate restoring more services over the coming months, but disruption to certain services is expected to persist for longer. Read these recent blogs from our Chief Executive, Sir Roly Keating, to find out more about the attack and its impact, and our plans for restoring services.

  We have now also published a paper (PDF, 1.48mb) about the attack. Its goal is to share our understanding of what happened and to help others learn from our experience.

• [Old] British Library ☛ Learning lessons from the cyber-attack - Knowledge Matters blog

  We remain conscious at all times of security, and have sought to avoid providing information that could in any way aid future attacks, or inhibit the law enforcement agencies in their task of tracking down the perpetrators. The paper does not go into detail about costs, as the net financial impact of the attack is still under review, nor have we gone into detail about the organisation behind the attack, Rhysida, as this information is better available from other sources such as the specialist technology press.

• [Old] British Library ☛ Restoring our services – 22 February 2024 update - Knowledge Matters blog

  Our recovery plan is now advancing, and I thought it would be helpful to share an indicative list of the improvements and restorations of service you’re likely to see between now and the middle of the year, by which time we hope to have restored the majority of our key services, even if the method of delivery may be unfamiliar in some cases.