Security and Windows TCO
-
LWN ☛ Security updates for Friday
Security updates have been issued by Fedora (haproxy, osc, and python3.11), Oracle (389-ds:1.4), Red Hat (kernel), SUSE (clamav, colord, kernel, postgresql16, and qemu), and Ubuntu (linux, linux-aws, linux-aws-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gkeop, linux-gkeop-5.15, linux-hwe-5.15, linux-ibm, linux-intel-iotg, linux-intel-iotg-5.15, linux-kvm, linux-nvidia, linux-oracle, linux-raspi, linux-azure, linux-azure-5.15, linux-azure-fde, linux-lowlatency-hwe-6.8, linux-nvidia-6.8, and linux-xilinx-zynqmp).
-
Security Week ☛ New ‘Hadooken’ GNU/Linux Malware Targets WebLogic Servers [Ed: WebLogic is proprietary, therein lies the problem]
The recently observed Hadooken malware targeting Oracle WebLogic applications is linked to multiple ransomware families.
-
Hacker News ☛ New Linux Malware Campaign Exploits Oracle Weblogic to Mine Cryptocurrency
Cybersecurity researchers have uncovered a new malware campaign targeting Linux environments to conduct illicit cryptocurrency mining and deliver botnet malware.
-
Security Week ☛ 1.3 Million Android TV Boxes Infected by Vo1d Malware
Doctor Web warns of the new Vo1d Android malware infecting roughly 1.3 million TV boxes running older OS versions.
-
SANS ☛ Finding Honeypot Data Clusters Using DBSCAN: Part 2, (Fri, Sep 13th)
-
Security Week ☛ Apple Patches Vision Pro Vulnerability to Prevent GAZEploit Attacks
Apple has released a patch for Vision Pro after researchers showed how an attacker can obtain passwords typed by looking at keys.
-
Federal News Network ☛ CISA review: ‘Low hanging’ cyber lapses plague critical infrastructure
CISA assessment teams have been emulating China-linked threat groups, like Volt Typhoon, to test the cyber defenses of critical infrastructure.
-
Federal News Network ☛ State Dept looks to test cyber data automation project by year’s end
The State Department's Bureau of Diplomatic Security is developing a minimum viable product meant to help analysts process incoming cyber data.
-
Security Week ☛ In Other News: Possible Adobe Reader Zero-Day, Hijacking Mobi TLD, WhatsApp View Once Exploit
Noteworthy stories that might have slipped under the radar: a possible Adobe Reader zero-day, researchers mistakenly hijack .mobi TLD, and an exploited WhatsApp View Once bypass.
-
Security Week ☛ House Report Shows Chinese Cranes a Security Risk to US Ports
A joint report from the Committees on China and Homeland Security warns of the security risks posed by Chinese cranes in US ports.
-
Security Week ☛ UK Data Centers Gain Critical Infrastructure Status, Raising Green Belt Controversy
The designation of UK data centers as Critical National Infrastructure strengthens cyber defenses, but a proposed £3.75B data center on protected Green Belt land sparks debate.
-
Security Week ☛ UK Teen Arrested Over Transport for London Hack [Ed: TfL won't punish the people who made such an awful, vulnerable system but kids who take advantage]
A 17-year-old from England has been arrested by the NCA over the recent cyberattack on Transport for London.
-
OpenSSF (Linux Foundation) ☛ Must-Attend Sessions at SOSS Community Day EU and Open Source Summit Europe 2024
Secure Open Source Software (SOSS) Community Day EU and Open Source Summit Europe 2024 are just around the corner in Vienna, Austria! Join fellow open source enthusiasts from September 16 - 19, 2024, as they come together to connect, share knowledge, and push the boundaries of innovation in the open source world.
-
Trail of Bits ☛ Friends don’t let friends reuse nonces
By Joe Doyle. If you’ve encountered cryptography software, you’ve probably heard the advice to never use a nonce twice—in fact, that’s where the word nonce (number used once) comes from. Depending on the cryptography involved, a reused nonce can reveal encrypted messages, or even leak your secret key!
-
Windows TCO
-
Security Week ☛ Post-CrowdStrike Fallout: Abusive Monopolist Microsoft Redesigning EDR Vendor Access to backdoored Windows Kernel
Microsoft is revamping how anti-malware tools interact with the backdoored Windows kernel to avoid another CrowdStrike faulty update catastrophe.
-
ZDNet ☛ Microsoft 365 was down for thousands of users – here’s what happened
Did you have trouble accessing Microsoft 365 earlier today? You weren’t alone. The site was down for thousands of people, according to outage tracker DownDetector. At the peak at around 9 AM ET, more than 24,000 people had reported issues attempting to access the site. But the site and related Microsoft online services all appear to be back up at this point.
-