Security Leftovers
-
LWN ☛ Security updates for Monday
Security updates have been issued by Debian (distro-info, distro-info-data, gst-plugins-bad1.0, node-browserify-sign, nss, openjdk-11, and thunderbird), Fedora (chromium, curl, nghttp2, and xorg-x11-server-Xwayland), Gentoo (Dovecot, Rack, rxvt-unicode, and UnZip), Mageia (apache, bind, and vim), Red Hat (varnish:6), SUSE (nodejs12, opera, python-bugzilla, python-Django, and vorbis-tools), and Ubuntu (exim4, firefox, nodejs, and slurm-llnl, slurm-wlm).
-
Data Breaches ☛ India’s Biggest Data Leak So Far? Covid-19 Test Info of 81.5Cr Citizens With ICMR Up for Sale
Read more at News18. While they did not get a response from the ICMR, they report, “It has been learnt that CERT-In has informed ICMR about the breach and the verification of sample data, which is on sale, matches with the actual data of ICMR after which all agencies were roped in.”
They also report, however, that “Sources confirmed to News18 that the epicentre of leakage has not been identified as parts of the Covid-19 test data go to the National Informatics Centre (NIC), ICMR and Ministry of Health.”
The sale of the data on BreachForums was noted by Resecurity in a blog post two weeks ago but first seems to be making headlines now. The listing on October 9 by a forum user called “pwn0001” claims the data is from September 2023 and has never been sold before. The data fields include “name, fathersName, phoneNumber, otherNumber, passportNumber, aadharNumber, age, gender, address, district, pincode, state, and town.”
-
Bruce Schneier ☛ Hacking Scandinavian Alcohol Tax
The islands of Åland are an important tax hack:
Although Åland is part of the Republic of Finland, it has its own autonomous parliament. In areas where Åland has its own legislation, the group of islands essentially operates as an independent nation.
This allows Scandinavians to avoid the notoriously high alcohol taxes:
Åland is a member of the EU and its currency is the euro, but Åland’s relationship with the EU is regulated by way of a special protocol. In order to maintain the important sale of duty-free goods on ferries operating between Finland and Sweden, Åland is not part of the EU’s VAT area...
-
Security Week ☛ Apple Improves iMessage Security With Contact Key Verification [Ed: iMessage is proprietary and Apple works for the NSA, so it doesn't take a genius to figure out iMessage is invalid for privacy]
New capability detects attacks on iMessage servers and allows users to verify a conversation partner’s identity.
-
Silicon Angle ☛ New Citrix Bleed vulnerability of NetScaler network devices
Earlier this month another vulnerability was found in Citrix Systems Inc.’s NetScaler and NetGateway product lines. This time around, the Citrix Bleed exploit is a lot more dangerous and harder to snuff out. In July and August, about 2,000 NetScalers were exploited by a threat actor to get persistent access.
-
Silicon Angle ☛ SlashNext report uncovers 1,265% increase in phishing emails in a year
A new report released today by phishing protection company SlashNext Inc. finds that there has been a whopping 1,265% increase in phishing attacks in the 12 months from the fourth quarter of 2022 to the end of the third quarter of 2023.
-
Trail Of Bits ☛ The issue with ATS in Apple’s macOS and iOS
By Will Brattain
Trail of Bits is publicly disclosing a vulnerability (CVE-2023-38596) that affects iOS, iPadOS, and tvOS before version 17, macOS before version 14, and watchOS before version 10. The flaw resides in Apple’s App Transport Security (ATS) protocol handling. We discovered that Apple’s ATS fails to require the encryption of connections...
-
Security Week ☛ Whistleblowers: Should CISOs Consider Them a Friend or Foe?
Are whistleblowers traitors to the company, a danger to corporate brand image, and a form of insider threat? Or are they an early warning safety valve that can be used to strengthen cybersecurity and compliance?
-
Security Week ☛ Boeing Investigating Ransomware Attack Claims [Ed: Windows TCO]
The LockBit ransomware gang claims to have stolen large amounts of data from aerospace giant Boeing.
-
Security Week ☛ Attackers Can Use Modified Wikipedia Pages to Mount Redirection Attacks on Slack
Researchers document the Wiki-Slack attack, a new technique that uses modified Wikipedia pages to target end users on Slack.
-
Security Week ☛ Hackers Earn Over $1 Million at Pwn2Own Toronto 2023
Hackers have demonstrated 58 zero-days and earned more than $1 million in rewards at Pwn2Own Toronto 2023.
-
SANS ☛ Flying under the Radar: The Privacy Impact of multicast DNS, (Mon, Oct 30th)
The recent patch to iOS/macOS for CVE-2023-42846 made me think it is probably time to write up a reminder about the privacy impact of UPNP and multicast DNS.