Windows TCO and Security Leftovers
-
LWN ☛ Security updates for Tuesday
Security updates have been issued by AlmaLinux (firefox, tbb, and thunderbird), Debian (cacti, libtasn1-6, and rust-openssl), Oracle (galera and mariadb, kernel, raptor2, and thunderbird), SUSE (bind, fq, java-21-openj9, libtasn1-6-32bit, ovmf, python310, python312, python313, python314, rime-schema-all, thunderbird, and wget), and Ubuntu (eglibc, firefox, glibc, linux, linux-aws, linux-lts-xenial, ruby2.3, ruby2.5, and vim).
-
Kernel Space
-
[Old] ACM ☛ SoK: Understanding Design Choices and Pitfalls of Trusted Execution Environments [PDF]
Trusted execution environment (TEE) is a revolutionary technology that enables secure remote execution (SRE) of cloud workloads on untrusted server-side computing platforms. Both commercial and academic TEEs have been proposed in the past few years, including Intel’s SGX and TDX, AMD’s SEV, ARM’s CCA, IBM’s PEF, and their academic counterparts built atop open-source RISC-V processors, such as Keystone, Sanctum, CURE, and Penglai. While great efforts from both sides have been made in developing a confidential computing ecosystem, the existence of server-side TEEs with drastically different designs and the presence of various known attacks have significantly increased the difficulty of understanding TEE designs and the reasons behind existing attacks.
-
Windows TCO / Windows Bot Nets
-
The Hindu ☛ Struggling with poor cyber security
This is not the first time that the State’s critical information infrastructure has come under attack. In 2017, the Karnataka State Data Centre fell victim to the WannaCry ransomware attack, which spreads by exploiting vulnerabilities in the Windows operating system. In 2019, the State’s e-procurement portal was hacked leading to a theft of ₹11.5 crore. In 2022, the systems of the National Institute of Mental Health and Neurosciences were attacked. However, as the DDoS attack shows, no lessons seem to have been learned from earlier attacks and the gaps identified in the State’s response have still not been filled.
-
The Register UK ☛ Coast Guard falls short on maritime cybersecurity, GAO says
As the lead agency tasked with managing these risks, the US Coast Guard provides maritime transportation system (MTS) owners and operators technical assistance, threat intelligence, and other help to implement cybersecurity best practices.
The Coast Guard also provides facility and vessel inspections during which its officers document any security flaws they find.
-
Scoop News Group ☛ U.S. sanctions bulletproof hosting provider for supplying LockBit infrastructure
A consortium of U.S., Australian and U.K. officials announced coordinated sanctions Tuesday against Zservers, a Russia-based bulletproof hosting provider. The action targets the company for its role in facilitating ransomware attacks, most notably those conducted by the LockBit ransomware-as-a-service (RaaS) group.
-
The Register UK ☛ Triplestrength hits with ransomware, cloud [cryptocurrency] mining
These ransomware infections target on-premises systems only — not cloud infrastructure — and unlike most modern ransomware criminals, they don't involve double-extortion. This is where the thieves first steal victims' files, then encrypt the stolen data, and threaten to leak or sell it if the victim doesn't pay a ransom demand. Instead, files are encrypted, and payment is demanded to provide a means for unscrambling that data, the old school way.
The Microsoft Windows malware used in these infections has included Phobos, LokiLocker, and RCRU64, which are all leased to criminal groups under a ransomware-as-a-service model (RaaS) – but aren't the more popular brands like RansomHub and Lockbit, typically seen in recent intrusions.
-
Google ☛ Cybercrime: A Multifaceted National Security Threat
Cybercrime makes up a majority of the malicious activity online and occupies the majority of defenders' resources. In 2024, Mandiant Consulting responded to almost four times more intrusions conducted by financially motivated actors than state-backed intrusions. Despite this overwhelming volume, cybercrime receives much less attention from national security practitioners than the threat from state-backed groups. While the threat from state-backed hacking is rightly understood to be severe, it should not be evaluated in isolation from financially motivated intrusions.
-
IT Wire ☛ How to outsmart ransomware and build resilience within your organisation
For example, LockBit 3.0 uses a triple extortion strategy, demanding a ransom for encrypted data while also threatening to release sensitive information and further disrupt operations if the ransom is not paid.
Jason Whyte, general manager for Asia Pacific, Trustwave, said, "Attackers are no longer relying on a single approach; they’re using a combination of strategies, including phishing and exploiting software vulnerabilities. This makes it increasingly difficult for organisations to keep up, as they're dealing with highly organised, sophisticated threat actor groups that are continuously innovating and exploring new weaknesses to exploit."
-
The Record ☛ 8Base ransomware site taken down as Thai authorities arrest 4 connected to operation
The leak site for the 8Base ransomware gang was taken down Monday and replaced with a banner by multiple law enforcement agencies.
The takedown notice was posted hours after news outlets in Thailand reported on the arrest of four people allegedly involved in the ransomware operation.
-