Security Leftovers
-
OpenSSF (Linux Foundation) ☛ Unveiling the Golden Egg Award Winners: Celebrating Excellence in Open Source Security
We’re excited to announce the winners of the Golden Egg Awards. These awards shine a light on those who go above and beyond in enriching our community. The Golden Egg Award symbolizes the community’s gratitude for selfless dedication to securing open source projects through community engagement, engineering, innovation, and thoughtful leadership.
-
Bruce Schneier ☛ New Lattice Cryptanalytic Technique
A new paper presents a polynomial-time quantum algorithm for solving certain hard lattice problems. This could be a big deal for post-quantum cryptographic algorithms, since many of them base their security on hard lattice problems.
-
LWN ☛ OpenSSF and OpenJS warn about social-engineering attacks
The Open Source Security Foundation and the OpenJS Foundation have jointly
posted a
warning about XZ-like social-engineering attacks after OpenJS was
seemingly targeted.
-
Lawsuits mount and cyberattack could cost UnitedHealth Group up to $1.6B this year
Today, Snowbeck reports that the attack could cost UnitedHealth Group up to $1.6B this year. UHG reportedly spent about $872 million during the first quarter responding to the Change Healthcare cyberattack and anticipates the costs may come to $1.6 billion for the year.
-
Data allegedly from Change Healthcare ransomware attack raises more questions than answers (1)
When Change Healthcare was the victim of a ransomware attack in February, it was a “double extortion” attack. Systems were encrypted, and data was exfiltrated. According to an affiliate who claimed to be responsible for the data exfiltration, AlphV locked the systems and conducted the negotiations with Change Healthcare on behalf of themself and the affiliate who had done the exfiltration. But then AlphV allegedly made a deal with the victim, took the money, and ran after allegedly only giving Change Healthcare a decryptor key. The exit scam left Change Healthcare without their data returned or destroyed, and left the affiliate without any pay for the 4 TB of data they claimed to possess.
-
Linux Backdoor Infection Scare, Massive Social Security Number Heist [Ed: Xz is not Linux]
In episode 325, Tom and Kevin discuss a significant backdoor threat that nearly compromised Linux systems globally, stemming from an infiltration into an open-source project called XZ Utils by attackers who gained commit access and inserted a backdoor. The episode further delves into a cybersecurity incident where hackers stole 340,000 social security numbers from a government consulting firm, emphasizing the implications and broader concerns related to data security in government contractors and the inefficacy of response mechanisms. Additionally, the hosts explore the negative influences of marketing in the cybersecurity industry, particularly following significant security breaches.
-
Cyber Security News ☛ Hackers Actively Using Pupy RAT to Attack Linux Systems [Ed: Seems to impact out-of-date and unpatched systems, they don't bother to explain how the malware gets into the system in the first place (probably nothing to do with "Linux")]
Organizations and individuals alike are advised to keep their systems updated, employ advanced threat detection solutions, and educate users on the risks of phishing and other social engineering tactics.