Security Leftovers
-
LWN ☛ Security updates for Monday
Security updates have been issued by Debian (amanda, aom, bluez, python-jwcrypto, and thunderbird), Fedora (chromium, firefox, and thunderbird), Red Hat (bubblewrap and flatpak, containernetworking-plugins, flatpak, and runc), Slackware (python3), SUSE (apache2, bubblewrap and flatpak, postgresql16, and wireshark), and Ubuntu (thunderbird).
-
Security Week ☛ Two Indicted in US for Running Dark Web Marketplaces Offering Stolen Information
A Kazakhstani and a Russian national were indicted in the US for operating dark web sites facilitating PII, card, and banking information trading.
-
William ☛ William Brown: Yubikey Key Vulnerability - How It Affects You
On the 3rd of September, Yubico announced YSA-2024-03, a vulnerability in the Infineon
-
SANS ☛ Password Cracking - Energy: More Details, (Sun, Sep 8th)
Here are more details on the power consumption of my desktop computer when I crack passwords....
-
Bruce Schneier ☛ Australia Threatens to Force Companies to Break Encryption
In 2018, Australia passed the Assistance and Access Act, which—among other things—gave the government the power to force companies to break their own encryption.
The Assistance and Access Act includes key components that outline investigatory powers between government and industry. These components include:
- Technical Assistance Requests (TARs): TARs are voluntary requests for assistance accessing encrypted data from law enforcement to teleco and technology companies. Companies are not legally obligated to comply with a TAR but law enforcement sends requests to solicit cooperation.
-
TechRadar ☛ Critical remote code execution vulnerability discovered in Abusive Monopolist Microsoft backdoored Windows Wi-Fi drivers
A new critical cybersecurity threat has been discovered by CYFIRMA Research, involving a severe remote code execution (RCE) vulnerability identified as CVE-2024-30078. This flaw affects the Wi-Fi drivers in multiple versions of Microsoft Windows, posing a potential risk to over 1.6 billion active devices worldwide.
-
Federal News Network ☛ DHS cyber review board to announce latest project ‘soon’
DHS is asking Congress to help the Cyber Safety Review Board with legislative authorities, funding and subpoena powers to aid its cyber incident investigations.
-
Security Week ☛ 300,000 Impacted by Data Breach at Car Rental Firm Avis
Avis Car Rental is notifying roughly 300,000 individuals that their personal information was stolen in an August 2024 data breach.
-
Security Week ☛ New RAMBO Attack Allows Air-Gapped Data Theft via RAM Radio Signals
An academic researcher has devised a new method of exfiltrating data from air-gapped systems using radio signals from memory buses.
-
Security Week ☛ Critical SonicWall Vulnerability Possibly Exploited in Ransomware Attacks
A recently patched SonicWall vulnerability tracked as CVE-2024-40766 may have been exploited in ransomware attacks.
-
Silicon Angle ☛ Avis Car Rental reports data breach affecting nearly 300,000 customers
Avis Car Rental LLC has disclosed that it has suffered a “data security incident” with customer information stolen. Disclosed in a Sept. 4 letter to customers filed with the California Attorney General, the incident took place on Aug. 5 and involved an authorized third party gaining access to one of the company’s business applications.
-
Zimbabwe ☛ Deposit Protection Corporation website briefly compromised, issue promptly resolved but questions remain
Late last month, we discussed Zimbabwe being the third most cyber-attacked country in the world. Certain reports supported this claim, although many disagreed with the ranking.
-
Security Week ☛ Predator Spyware Resurfaces With Fresh Infrastructure
Recorded Future observes renewed Predator spyware activity on fresh infrastructure after a drop caused by US sanctions.
-
Security Week ☛ One Million US Kaspersky Customers Transferred to Pango’s UltraAV
Kaspersky’s customers in the US are being acquired by cybersecurity firm Pango and will be offered UltraAV antimalware software.
-
Integrity/Availability/Authenticity
-
Linuxiac ☛ How to Secure SSH Server with SSHGuard: A Practical Guide
SSH (Secure Shell) serves as a critical entry point to your server, offering a powerful, encrypted method of remote administration. However, its security is only as strong as the measures to protect it.
Enter SSHGuard—a robust tool designed to shield your SSH server from brute-force attacks and other common vulnerabilities. This guide will show you the practical steps to implement it, enhancing your server’s security and giving you peace of mind.
-
Windows TCO
-
Cyble Inc ☛ Researchers Trace Loki Backdoor To Mythic Framework
The Loki loader generates a packet containing information about the infected system, which is then encrypted and sent to the command-and-control (C2) server. The server’s response includes a DLL that the loader places in the infected device’s memory, where further command processing and communication with the C2 server occur.