Security and Windows TCO Leftovers
- OpenSSF (Linux Foundation) ☛ Maintainers’ Guide: Securing CI/CD Pipelines After the tj-actions and reviewdog Supply Chain Attacks
  CI/CD pipelines are increasingly becoming high-value targets for attackers. With access to secrets, source code, and infrastructure, they offer a direct route to supply chain compromise. The recent breaches involving tj-actions/changed-files and reviewdog/action-setup are not just isolated events; they are harbingers of a new generation of CI/CD-targeted supply chain attacks.
- Security Week ☛ Recently Disrupted DanaBot Leaked Valuable Data for 3 Years
  Investigators leveraged a vulnerability dubbed DanaBleed to obtain insights into the internal operations of the DanaBot botnet.
- Security Week ☛ 40,000 Security Cameras Exposed to Remote Hacking
  Bitsight has identified over 40,000 security cameras that can be easily hacked for spying or other types of malicious activity.
- Security Week ☛ Fortinet, Ivanti Patch High-Severity Vulnerabilities
  Patches released by Fortinet and Ivanti resolve over a dozen vulnerabilities, including high-severity flaws leading to code execution and credential leaks.
- Security Week ☛ Flaw in Industrial Computer Maker’s UEFI Apps Enables Secure Boot Bypass on Many Devices
  Vulnerable DTResearch UEFI firmware applications can be used in BYOVD attacks to bypass Secure Boot.
- Security Week ☛ With Retail Cyberattacks on the Rise, Customers Find Orders Blocked and Shelves Empty
  Beyond potentially halting sales of physical goods, breaches can expose customers’ personal data to future phishing or fraud attempts.
Confidentiality
- Unmitigated Risk ☛ The WebPKI’s Moral Hazard Problem: When Those Who Decide Don’t Pay the Price
  TL;DR: Root programs, facing user loss, prioritize safety, while major CAs, with browsers, shape WebPKI rules. Most CAs, risking distrust or customers, seek leniency, shifting risks to billions of voiceless relying parties. Subscribers’ push for ease fuels CA resistance, demanding reform.
  The recent Mozilla CA Program roundtable discussion draws attention to a fundamental flaw in how we govern the WebPKI, one that threatens the security of billions of internet users. It’s a classic case of moral hazard: those making critical security decisions face minimal personal or professional consequences for poor choices, while those most affected have virtually no say in how the system operates.
Integrity/Availability/Authenticity
- [Old] Zerforschung ☛ How we tried to book a train ticket and ended up with a data breach with 245,000 records
  To celebrate Franco-German friendship, German Transport Minister Wissing and his French counterpart Beaune came up with something special: 30,000 free Interrail tickets per country for travel in Germany and France for young adults between 18 and 27. Codename: “Passe France Allemagne”.
  However, many things went wrong when the Interrail passes were distributed. In the following, we want to take you on a journey through the stages of the not-so-well-implemented ticket and show you how you could still get a pass after registration ended.
Windows TCO / Windows Bot Nets
- Bitdefender ☛ Empty shelves after US's largest natural and organic food distributor suffers cyber attack
  The spate of cyber attacks impacting the retail industry continues, with the latest victim being United Natural Foods, one of the USA's largest wholesale distributors of healthy and specialty food.
- The Register UK ☛ 'Major compromise' at NHS temping arm never disclosed
  Deloitte's report stated that it could not see how the attackers escalated their privileges, but did so right up to the domain admin level and moved laterally across NHSP's network via RDP and SMB share access.
- The Register UK ☛ Pentagon IT projects have lots of things to fix, says GAO
  The 2025 IT Systems Annual Assessment, published by the US Government Accountability Office (GAO) Thursday, concluded that the Department of Defense's major IT business programs plan to suck up $10.9 billion of the agency's budget, but are still missing the mark in a number of ways.
- Broadcom Inc ☛ Fog Ransomware: Unusual Toolset Used in Recent Attack
  Also notable in this attack was that, a few days after the ransomware was deployed, the attackers created a service to establish persistence. This is an unusual step to see in a ransomware attack, with malicious activity usually ceasing on a network once the attackers have exfiltrated data and deployed the ransomware, but the attackers in this incident appeared to wish to retain access to the victim’s network.
- The Record ☛ Fog ransomware attack on Asia financial org draws attention over use of employee monitoring software
  Brigid O Gorman, senior intelligence analyst at Symantec, told Recorded Future News that they did not have enough evidence to link the attack to any specific nation state. But O Gorman said the “slightly unusual elements of this attack — the use of unusual tools, and establishing persistence after the ransomware is deployed — point to it being more than just a 'usual' ransomware attack.”