Security Leftovers and Windows TCO
-
LWN ☛ Security updates for Tuesday
Security updates have been issued by Debian (freetype and rails), Fedora (mosquitto and python-django4.2), Mageia (libarchive, libreoffice, php, and quictls), Red Hat (webkit2gtk3), SUSE (erlang, nethack, python312, and wpa_supplicant), and Ubuntu (freetype and plantuml).
-
Security Week ☛ Google Releases Major Update for Open Source Vulnerability Scanner
Google has integrated OSV-SCALIBR features into OSV-Scanner, its free vulnerability scanner for open source developers.
-
Security Week ☛ Google to Acquire Cloud Security Giant Wiz for $32 Billion in Cash
Google has confirmed reports that it’s buying cloud security giant Wiz and says it’s prepared to pay $32 billion in cash.
-
Silicon Angle ☛ In its largest-ever acquisition, Surveillance Giant Google buys cybersecurity startup Wiz for $32B
Confirming recent rumors, Surveillance Giant Google LLC today announced plans to acquire Wiz Inc. for $32 billion. The all-cash transaction values the cybersecurity startup $20 billion higher than what it was worth following its most recent funding round.
-
Scoop News Group ☛ Google acquires Wiz for $32 billion
Wiz co-founder Assaf Rappaport said the company will remain focused on protecting a wide range of cloud services.
-
New York Times ☛ Google Seals $32 Billion Deal for Cyber Start-Up Wiz
The acquisition could make the Silicon Valley giant a bigger force in cybersecurity, and arrives months after an earlier round of talks collapsed.
-
Security Week ☛ Critical AMI BMC Vulnerability Exposes Servers to Disruption, Takeover
A critical vulnerability affecting baseboard management controller (BMC) firmware made by AMI could expose many devices to remote attacks.
-
Tom's Hardware ☛ Akira ransomware can be cracked with 16 RTX 4090 GPUs in around ten hours — new counterattack breaks encryption
Tinyhack publishes a full how-to guide on brute-forcing past the Akira ransomware's encryption attack and freeing captive files.
-
Security Affairs ☛ Researcher releases free GPU-Based decryptor for Linux Akira ransomware
Security researcher Yohanes Nugroho created a free decryptor for Linux Akira ransomware, using GPUs to brute force the decryption keys. Initially estimating a week, the project took three weeks and cost $1,200 in GPU resources due to unexpected complexities. The tool doesn’t work like traditional decryptors but instead brute-forces encryption keys using timestamp-based methods.
-
New decryptor targets Akira ransomware with GPU technology for Linux systems
This newly developed decryptor bypasses the need for a user-supplied key by employing brute-force tactics, exploiting Akira's reliance on nanosecond-level, time-based encryption seeds.
-
OpenSSF (Linux Foundation) ☛ 'Linux' Foundation Research Reports Reveal Wide Spectrum for Cyber Resilience Act Readiness and Compliance [Ed: GAFAM lobbyism presented as "'Linux' Foundation Research"]
-
Yahoo News ☛ Linux Foundation Research Reports Reveal Wide Spectrum for Cyber Resilience Act Readiness and Compliance
-
Security Week ☛ US Lawmakers Reintroduce Bill to Boost Rural Water Cybersecurity
US representatives and senators have reintroduced a bipartisan bill to support the cybersecurity of small water and wastewater utilities.
-
Security Week ☛ Western Alliance Bank Discloses Data Breach Linked to Cleo Hack
The personal information of 22,000 Western Alliance Bank customers was stolen in a data breach linked to Cl0p’s hacking of the Cleo file transfer tool.
-
Security Week ☛ HP Launches Printers with Quantum Resilient Cryptography
Printers can sit in the corner for ten years or more, while quantum decryption is thought by many to be less than 10 years away.
-
Federal News Network ☛ Lawmakers probe DHS cyber ‘Typhoon’ response, future of CSRB
Meanwhile, fired probationary staff at DHS's Cybersecurity and Infrastructure Security Agency are being reinstated this week.
-
Bruce Schneier ☛ Is Security Human Factors Research Skewed Towards Western Ideas and Habits?
Really interesting research: “How WEIRD is Usable Privacy and Security Research?” by Ayako A. Hasegawa, Daisuke Inoue, and Mitsuaki Akiyama:
Abstract: In human factor fields such as human-computer interaction (HCI) and psychology, researchers have been concerned that participants mostly come from WEIRD (Western, Educated, Industrialized, Rich, and Democratic) countries. This WEIRD skew may hinder understanding of diverse populations and their cultural differences. The usable privacy and security (UPS) field has inherited many research methodologies from research on human factor fields.
-
Scoop News Group ☛ Infostealers fueled cyberattacks and snagged 2.1B credentials last year
Inexpensive information-stealing malware surged in 2024, infecting 23 million hosts, according to Flashpoint.
-
The Register UK ☛ Microsoft isn't fixing 8-year-old zero day used for spying
-
Windows TCO / Windows Bot Nets
-
SANS ☛ Python Bot Delivered Through DLL Side-Loading, (Tue, Mar 18th)
One of my hunting rules triggered some suspicious Python code, and, diving deeper, I found an interesting example of DLL side-loading. This technique involves placing a malicious DLL with the same name and export structure as a legitimate DLL in a location the application checks first, causing the application to load the malicious DLL instead of the intended one. This is a classic vulnerability seen for years in many software products. The attacker also implemented simple tricks to bypass classic security controls.
-
Security Week ☛ 11 State-Sponsored APTs Exploiting LNK Files for Espionage, Data Theft
ZDI has uncovered 1,000 malicious .lnk files used by state-sponsored and cybercrime threat actors to execute malicious commands.
-