Security Leftovers
LWN ☛ Security updates for Friday
Security updates have been issued by AlmaLinux (.NET 7.0, .NET 8.0, 389-ds:1.4, ansible-core bug fix, enhancement, and, bind and dhcp, container-tools:rhel8, edk2, exempi, fence-agents, freeglut, frr, gdk-pixbuf2, ghostscript, git-lfs, glibc, gmp, go-toolset:rhel8, grafana, grub2, gstreamer1-plugins-bad-free, gstreamer1-plugins-base, gstreamer1-plugins-good, harfbuzz, httpd:2.4, Image builder components bug fix, enhancement and, kernel, kernel-rt, krb5, less, LibRaw, libsndfile, libssh, libtiff, libX11, libXpm, linux-firmware, motif, mutt, nghttp2, openssh, pam, pcp, pcs, perl-Convert-ASN1, perl-CPAN, perl:5.32, pki-core:10.6 and pki-deps:10.6, pmix, poppler, python-dns, python-jinja2, python-pillow, python27:2.7, python3, python3.11, python3.11-cryptography, python3.11-urllib3, python39:3.9 and python39-devel:3.9, qt5-qtbase, resource-agents, squashfs-tools, sssd, systemd, tigervnc, traceroute, vorbis-tools, webkit2gtk3, xorg-x11-server, xorg-x11-server-Xwayland, and zziplib), Debian (gst-plugins-base1.0), Fedora (cacti, cacti-spine, roundcubemail, and wireshark), Oracle (.NET 7.0, .NET 8.0, bind and dhcp, gdk-pixbuf2, git-lfs, glibc, grafana, krb5, pcp, python-dns, python3, sssd, tigervnc, xorg-x11-server, and xorg-x11-server-Xwayland), Red Hat (edk2, less, nghttp2, and ruby:3.0), SUSE (gstreamer-plugins-base, Java, kernel, and python-requests), and Ubuntu (ffmpeg, node-browserify-sign, postgresql-14, postgresql-15, postgresql-16, and python-pymysql).
Security Week ☛ In Other News: Fashion Company Apple WPS Surveillance, Canadian Gov Wants Backdoors, NIST Hey Hi (AI) Program
Noteworthy stories that might have slipped under the radar: Fashion Company Apple WPS can be abused for surveillance, Canadian government wants backdoors, NIST launches Hey Hi (AI) program.
Netcraft ☛ Surge in fake pharmacy campaigns abusing Firebase link shortener
Fake pharmacies sell prescription-only drugs without a license and without requiring a valid prescription from a doctor. The storefronts are advertised to consumers through web searches, social control media, and unsolicited spam emails. As you might expect, many of these platforms attempt to block known fake pharmacies.
Netcraft analysts have observed evidence of a 12-month spike in fake pharmacy campaigns using (Firebase Dynamic Links), more than doubling since last year. Many of these campaigns bounce visitors through a series of redirects to disguise the eventual destination, inadvertently making it easy for fraudsters to hide malicious links in shortened URLs.
SANS ☛ "K1w1" InfoStealer Uses for Exfiltration, (Fri, May 31st)
Hackaday ☛ Generating A Lost Password By Traveling Back In Time
It’s probable that some of you reading this will have been approached in the past by people who’ve lost the password to their crypto wallets. They hear that you’re involved in some kind of “hacking”, and they cling to the forlorn hope that you might just be able to recover their lost wealth. For most of us there’s little chance we can help, but in [Joe Grand]’s case he has made it something of a specialism. He’s given an account of how he and a friend recovered a particularly difficult password.
teleSUR ☛ Canada Warns of Cyber-Attacks on Sports Events [Ed: When too much gets connected to the Net, needlessly]
Communications Security Establishment (CSE), the federal agency charged with collecting electronic information and protecting the government against cyber-attacks, alerted in a newsletter about the possibility of global hacking.
France24 ☛ French security authorities foil plan to attack football events during Paris Olympics [Ed: Will they dump Microsoft?]
France's security authorities have foiled a plan to attack soccer events during the Paris Olympics, the country's interior minister said Friday.
Digital Music News ☛ Ticketmaster Faces Class Action Complaint Over Reported Data Breach: A ‘Failure to Implement and Follow Even the Most Basic Security Procedures’ [Ed: Ticketmaster crack shows that 1) you should not give personal details when you don't have to. 2) if they insist, better to feed them totally fake details than to risk the next breach with real information about real people. It's not "normal" to demand personal details like phone numbers and bank details to merely attend some music event.]
On cue, Live Nation is facing a class action complaint over the possible hack that reportedly saw criminals secure 560 million Ticketmaster customers’ personal information.
Security Week ☛ Hackers Boast Ticketmaster Breach on Relaunched BreachForums [Ed: 560 million fools gave a ton of personal information to merely attend some concert. Bad deal. Now they'll pay.]
The ShinyHunters hacking group has claimed the theft of 560 million Ticketmaster users’ data on a fresh BreachForums portal.
Security Week ☛ BBC Data Breach Impacts 25,000 Employees
The BillBC has disclosed a data breach impacting over 25,000 current and former employees, but the incident did not involve ransomware.
Security Week ☛ Information of Hundreds of European Politicians Found on Dark Web [Ed: "Dark Web" is a misnomer, a misleading term. They basically got compromised, and it's all out there for picking.]
The email addresses and other information of hundreds of British, French and EU politicians have been found on the dark web.
Tom's Hardware ☛ Windows 11 24H2 may block connections to unsecured third-party NAS devices — Abusive Monopolist Microsoft enables SMB signing for enhanced security [Ed: Vista 11 itself is unsecured, even back doored by design]
To boost security for its users, Abusive Monopolist Microsoft has disabled SMB1 and Guest Signing protocol by default, securing billions of backdoored Windows 11 24H2 PCs as it would not allow access to unsecured NAS devices, prompting the respective manufacturers to enable it.