Security Leftovers
-
OpenSSF (Linux Foundation) ☛ Maintainer Motivations, Challenges, and Best Practices on Open Source Software Security
The 'Linux' Foundation’s recent research report, titled Maintainer Perspectives on Open Source Software Security, provides valuable insights into the views and practices of OSS maintainers and core contributors. Insights were derived from survey data, and the report features a foreword from Cisco’s Stephen Augustus, a maintainer, contributor, and one of open source’s most active participants.
-
LWN ☛ GNU C Library 2.39 released
Version 2.39 of the GNU C Library has been released. Changes include integration with the x86 shadow-stack mechanism, a couple of new posix_spawn() variants for working with control groups, pidfd_spawn() and pidfd_spawnp(), the C2X stdbit.h header, the removal of the libcrypt library, and more. See the release notes for details.
-
LWN ☛ Security updates for Thursday
Security updates have been issued by Debian (debian-security-support, firefox-esr, openjdk-11, and python-asyncssh), Fedora (glibc, python-templated-dictionary, thunderbird, and xorg-x11-server-Xwayland), Gentoo (Chromium, Google Chrome, Microsoft Edge, and WebKitGTK+), Red Hat (firefox, gnutls, libssh, thunderbird, and tigervnc), SUSE (mbedtls, rear116, rear1172a, runc, squid, and tinyssh), and Ubuntu (glibc and runc).
-
Security Boulevard ☛ Biden Will Veto Efforts to Spike SEC Breach Disclosure Rule
President Biden is warning Congressional Republicans that he will veto any attempts to overturn the Securities and Exchange Commission’s (SEC) new requirement for public companies disclosing cybersecurity incidents.
-
INTERPOL ☛ INTERPOL-led operation targets growing cyber threats
Some 1,300 suspicious IP addresses or URLs have been identified as part of a global INTERPOL operation targeting phishing, malware and ransomware attacks.
Operation Synergia, which ran from September to November 2023, was launched in response to the clear growth, escalation and professionalisation of transnational cybercrime and the need for coordinated action against new cyber threats.
-
The Register UK ☛ LockBit shows no remorse for ransomware attack on children's hospital
Ransomware gang LockBit is claiming responsibility for an attack on a Chicago children's hospital in an apparent deviation from its previous policy of not targeting nonprofits.
Stooping to new lows, the criminals are reportedly unwilling to reverse the attack on Saint Anthony Hospital, as they had done in previous cases such as Toronto's SickKids hospital.
-
More Than 1,000 Apply for Security Payment Following PSNI Data Leak
More than 1,000 PSNI officers and staff have taken up an offer of a payment to help with home security improvements following a major data leak.
The Policing Board was told the cost to the force of the scheme is currently £400,000.
In August, the details of almost 9,500 PSNI officers and staff were mistakenly published in response to a Freedom of Information (FoI) request.
-
Students hack into Fulton County Schools IT systems, district says
At least one student is believed to have hacked into some of Fulton County Schools’ information technology (IT) systems, the district announced Wednesday.
The breach involved one or more students from FCS Innovation Academy, a STEM-focused magnet high school in Alpharetta. It is unknown what systems were accessed or if any data was leaked.
One student said the breach affected his ability to do schoolwork, saying all weekend they were not able to access Microsoft Teams or even their school email.