Security Leftovers
-
LWN ☛ Security updates for Wednesday
Security updates have been issued by AlmaLinux (gvisor-tap-vsock, kernel, and kernel-rt), Fedora (chromium, dnf, dotnet9.0, golang, lemonldap-ng, mariadb10.11, perl-Crypt-URandom-Token, perl-DBIx-Class-EncodedColumn, php-tcpdf, podman-tui, and trunk), Red Hat (java-17-openjdk and kernel), Slackware (mozilla), SUSE (apache2-mod_auth_openidc, cosign, etcd, expat, flannel, kernel, libsqlite3-0, libvarnishapi3, mozjs52, Multi-Linux Manager 4.3: Server, Multi-Linux Manager 5.0: Server, Proxy and Retail Server, pgadmin4, rekor, rsync, rubygem-bundler, and webkit2gtk3), and Ubuntu (7zip, Docker, and quickjs).
-
The Cyber Show ☛ Cybersecurity is resistance
As we've been saying here for a while, cybersecurity is a political struggle. If the US is growing hostile to cybersecurity, what does this mean?
It is hard not to be in a state of denial around recent events. What's happening in the USA is simply bizarre. One expects to wake up any moment and find it was all a bad dream or test of public credulity?
The United States looks like a country under deletion, shutting down science, medicine, education and offices of public safety. In the latest assault on civil society, today they announced the end of funding for MITRE who have run the Common Vulnerabilities and Exposures (CVE) database for 25 years. CVE is a cornerstone of cybersecurity globally. By this act the US government has signalled disdain for digital security. It's the latest in a swelling populist-authoritarian wave set to wash away civic elements of the digital world.
What we do as cybersecurity people is under attack, flipping the dial towards chaos and the tooth and claw of Natural Law. Under such a non-regime of Ragnar Redbeard or Plato's Thrasymachus, everything is open to the will of the strongest and most technologically audacious. Given that defensive cybersecurity is in a pitiful state, already weak and overwhelmed, a combination of weakening the rule of law and undermining defensive cybersecurity must surely be designed to cause Western technological society to collapse.
-
Security Week ☛ Critical Vulnerability Found in Apache Roller Blog Server
A critical vulnerability in Apache Roller could be used to maintain persistent access by reusing older sessions even after password changes.
-
Security Week ☛ Microsoft Warns of Node.js Abuse for Malware Delivery [Ed: Microsoft itself offers back door access; who's Microsoft to lecture anyone about security?]
In the past months Abusive Monopolist Microsoft has seen multiple campaigns involving Node.js to deliver malware and other malicious payloads.
-
Security Week ☛ Pillar Security Banks $9M for Hey Hi (AI) Security Guardrails
Shield Capital leads a $9 million seed-stage funding round for Israeli startup building technologies for Hey Hi (AI) security and privacy guardrails.
-
Security Week ☛ 2.6 Million Impacted by Landmark Admin, Young Consulting Data Breaches
In fresh filings, Landmark Admin and Young Consulting say data breaches back in 2024 impacted more people than initially estimated.
-
Security Week ☛ Conduent Says Names, Social Security Numbers Stolen in Cyberattack
The business services provider confirms personal information such as names and Social Security numbers was stolen in a January cyberattack.
-
OpenSSF (Linux Foundation) ☛ NEW FREE COURSE: Understanding the EU Cyber Resilience Act (CRA) (LFEL1001)
-
Security Week ☛ China Pursuing 3 Alleged US Operatives Over Cyberattacks During Asian Games
China accuses three alleged U.S. NSA operatives of cyberattacks targeting critical infrastructure and the Asian Games in Harbin.
-
Security Week ☛ Hertz Discloses Data Breach Linked to Cleo Hack
Customers of the Hertz, Thrifty, and Dollar brands had their personal information stolen as a result of the Cleo hack last year.
-
Security Week ☛ Enhanced Version of ‘BPFDoor’ GNU/Linux Backdoor Seen in the Wild
In recent attacks, the state-sponsored backdoor BPFDoor is using a controller to open a reverse shell and move laterally.
-
SANS ☛ Apple Patches Exploited Vulnerability, (Wed, Apr 16th)
-
SANS ☛ RedTail, Remnux and Malware Management (Wed, Apr 16th)
-
LWN ☛ Catanzaro: Dangerous arbitrary file read vulnerability in Yelp
GNOME contributor Michael Catanzaro has written a blog post about a noteworthy vulnerability in GNOME's help browser, Yelp.
-
Silicon Angle ☛ US extends contract to fund the CVE vulnerability database
The U.S. government today extended a contract through which it finances the CVE Program, the cybersecurity industry’s go-to database of software vulnerabilities. The U.S. Cybersecurity and Infrastructure Security Agency announced the move today.
-
Federal News Network ☛ Cyber roundup: CISA pulls CVE from the brink
CISA extended the CVE program for now, but the cyber agency is being accused of playing "a game of chicken" with its funding.
-
Hong Kong Free Press ☛ China accuses US spies of cyberattacks during Asian Winter Games in Harbin
Chinese security officials said Tuesday they had implicated three US “secret agents” in cyberattacks during February’s Asian Winter Games in the northeastern city of Harbin, offering a reward for information on the alleged spies. Harbin police released a statement on Weibo accusing three US National Security Agency (NSA) agents of attacks on “key information infrastructure”.
-
Fear, Uncertainty, Doubt/Fear-mongering/Dramatisation
-
Scoop News Group ☛ Chinese espionage group leans on open-source tools to mask intrusions [Ed: How to frame Free software as a problem because anyone can use it for anything; how about proprietary target platforms having actual back doors?]
Sysdig researchers say UNC5174’s use of open-source tools like VShell and WebSockets has likely helped the group mask its presence in other campaigns.
-