Security Leftovers and Windows TCO
-
Bruce Schneier ☛ Biden Signs New Cybersecurity Order [Ed: But he did not cancel all the Microsoft contracts, so it's more like lip service]
President Biden has signed a new cybersecurity order. It has a bunch of provisions, most notably using the US government's procurement power to improve cybersecurity practices industry-wide.
-
Defence Web ☛ South Africa faces escalating cybersecurity threats to critical infrastructure [Ed: Too much Microsoft]
As cybercrime incidents rise globally, South Africa is grappling with an increasing frequency of cyber-attacks targeting critical infrastructure across various sectors. The State Security Agency (SSA) has acknowledged that the nation faces significant threats, with ransomware attacks emerging as a predominant concern over the past year.
-
Hackaday ☛ Bambu Lab Tries To Clarify Its New “Beta” Authentication Scheme
Perhaps one of the most fascinating aspects of any developing tech scandal is the way that the target company handles criticism and feedback from the community. After announcing a new authentication scheme for cloud & LAN-based operations a few days ago, Bambu Lab today posted an update that’s supposed to address said criticism and feedback. This follows the original announcement which had the 3D printer community up in arms, and quickly saw the new tool that’s supposed to provide safe and secure communications with Bambu Lab printers ripped apart to extract the security certificate and private key.
-
Windows TCO / Windows Bot Nets
-
The Straits Times ☛ Hit by wave of online attacks, Japan shifts to ‘active cyber defence’
The urgency to ramp up cyber security has never been more acute in the country.
-
Scoop News Group ☛ Ransomware groups pose as fake tech support over Teams
Posing as tech support is a well-known social engineering scheme for malicious hackers, and has been used by cybercriminal groups like Lapsus$ to compromise large, multinational businesses. But the targeting of Office 365 and Teams has come mainly against smaller organizations and reflects how threat groups have increasingly capitalized on the rush by small and mid-sized businesses to move to the cloud and digitize, particularly in the wake of the COVID-19 pandemic.
For many of these smaller organizations, using unfamiliar software like Microsoft Office 365, Teams, and Azure for the first time left them vulnerable to attackers.
-
Positech Games ☛ Update hell. How did we get here?
Right now, I have a laptop that works (apart from video and sound, which is unusable) and a desktop that works. I do not want ANY updates from Microsoft on anything, ever again. I simply do not trust the people working there to be able to write code. Ditto Samsung. Just leave me the fuck alone. If it was possible to globally opt out of all updates on my TV I would do so. These are not new games getting cool feature improvements and new content. They are apps that work. My expectations of software in 2025 are now so low that simply having programs that vaguely work is the gold standard, and I will not risk any new code written by people who clearly have zero clue what they are doing.
-
Engadget ☛ DoJ remotely cleaned thousands of computers infected with Chinese malware
According to the DOJ press release, hacker groups known as Mustang Panda and Twill Typhoon received backing from the Chinese government to use PlugX to infect, control and gather information from computers outside China. The action to delete the PlugX malware from US computers began in August 2024. It was conducted in cooperation with French law enforcement and with Sekoia.io, a France-based private cybersecurity company. Sekoia.io has found PlugX malware in more than 170 countries.
-
Seth Godin ☛ Kinds of incompetence
The worst is uncaring. We know the work doesn’t meet spec, but we don’t bother to fix it.
-
Tripwire ☛ Medusa Ransomware: What You Need To Know
Medusa is a ransomware-as-a-service (RaaS) platform that first came to prominence in 2023. The ransomware impacts organisations running Windows, predominantly exploiting vulnerable and unpatched systems and hijacking accounts through initial access brokers.
-