Security Leftovers

posted by Roy Schestowitz on Aug 06, 2024

• LWN ☛ Security updates for Monday

  Security updates have been issued by Debian (openjdk-11), Fedora (bind, bind-dyndb-ldap, chromium, ffmpeg, hostapd, trafficserver, and wpa_supplicant), and Ubuntu (curl and linux-oem-6.5).

• Silicon Angle ☛ Cybersecurity tool sprawl is out of control – and it’s only going to get worse

  Any chief information officer who assembled a portfolio of 130 discrete products to address a single problem would probably be accused of mismanagement. But when the problem is cybersecurity, they’re more likely to be seen as prudent.

• Pen Test Partners ☛ Fuzzy matching with Ghidra BSim, a guide

  TL;DR BSim, Ghidra’s new built-in plugin is a game-changer for reversing firmware and other stripped binaries. Rapidly identify and annotate functions from known libraries.

• OpenSSF (Linux Foundation) ☛ New Guide for Package Repositories to Adopt Trusted Publishers

  By Seth Michael Larson The Open Source Security Foundation (OpenSSF) Securing Software Repositories Working Group (WG) has just released a new guide for maintainers of open source software repositories.

• Security Week ☛ Ransomware Attack Cost Keytronic Over $17 Million

  Keytronic says the recent ransomware attack resulted in expenses and lost revenue totaling more than $17 million.

• SANS ☛ Script obfuscation using multiple instances of the same function, (Mon, Aug 5th)

  There are any number of techniques which they may employ in this area, nevertheless, the one approach, that is common to pretty much all threat actors, is the use of obfuscation.

• Qubes OS Summit 2024: Last call for proposals

  As previously announced, this year’s Qubes OS Summit will be held from September 20 to 22 in Berlin, Germany. If you would like to submit a proposal, the call for participation (CFP) closes on 2024-08-07 at 23:59 CEST (UTC+2).

• The Strategist ☛ How the critical infrastructure act demands resilience measures

  Time and time again, cyber attackers have shown nothing is off limits. Healthcare, telecommunications and banking. Education, public sector and energy.

• New York Times ☛ CrowdStrike Hits Back in Heated Spat With Delta Over Global Tech Outage

  The cybersecurity company said the airline should take the blame after it struggled to rebound from a software outage that caused disruptions worldwide.

• Scoop News Group ☛ CrowdStrike points finger back at Delta after airline threatened to sue over outages

  Delta will have to account for its own shortcomings if it follows through on a threat based on a “misleading narrative,” CrowdStrike said.

• Security Week ☛ Chinese Hackers Deliver Malware via ISP-Level DNS Poisoning

  Chinese group StormBamboo spotted delivering backdoored Windows and macOS malware by compromising an ISP and using DNS poisoning.

• Security Week ☛ Apache OFBiz Users Warned of New and Exploited Vulnerabilities

  Organizations are being warned of a newly discovered Apache OFBiz vulnerability as exploitation of another recent flaw is observed.

• [Repeat] Krebs On Security ☛ Low-Drama ‘Dark Angels’ Reap Record Ransoms

  A ransomware group called Dark Angels made headlines this past week when it was revealed the crime group recently received a record $75 million data ransom payment from a Fortune 50 company. Security experts say the Dark Angels have been around since 2021, but the group doesn't get much press because they work alone and maintain a low profile, picking one target at a time and favoring mass data theft over disrupting the victim's operations.

• WhichUK ☛ Which? Get Answers podcast: how hackable is your smart home?

  We explain how the household items you expect to last years, may be letting you down and leaving you vulnerable to hackers.

• Unicorn Media ☛ IBM Report: Breach Costs Continue to Rise While Consumers Foot the Bill

  One surprise in this year's Cost of a Data Breach Report is that generative Hey Hi (AI) is being successfully used not only to prevent data breaches, but to substantially lower the cost of a breach when one happens.

• Multiple Tomcat Vulnerabilities Fixed in Ubuntu and Debian

  Tomcat, a widely-used servlet and JSP engine, has recently undergone several security updates to address critical vulnerabilities. These vulnerabilities, if exploited, could lead to denial of service (DoS) attacks or arbitrary code execution, posing significant risks to affected systems. This article explores the specifics of these vulnerabilities, their potential consequences, and provides guidance for safeguarding your Linux infrastructure.

• Education

  • Black Hat ☛ Black Hat USA 2024

    Black Hat USA returns to the Mandalay Bay Convention Center in Las Vegas with a 6-day program. The event will open with four days of specialized cybersecurity Trainings (August 3-6), with courses for all skill levels. The two-day main conference (August 7-8) will feature more than 100 selected Briefings, dozens of open-source tool demos in Arsenal, a robust Business Hall, networking and social events, and much more. View Pass Options »