Security Leftovers
-
LinuxSecurity ☛ Linux Kernel Runtime Guard (LKRG) 0.9.8 Released with Major Improvements
Openwall has released GNU/Linux Kernel Runtime Guard (LKRG) 0.9.8 with significant updates and improvements. For those unfamiliar with GNU/Linux Kernel Runtime Guard (LKRG), it is a kernel module that performs runtime integrity checking of the GNU/Linux kernel and detects security vulnerability exploits against the kernel.
-
SANS ☛ Exploit Attempts for Unknown Password Reset Vulnerability, (Wed, Feb 28th)
My Surveillance Giant Google skills let me down this morning, attempting to figure out which vulnerability is exactly being exploited by these "forgotuserpassword.action" scans. Maybe someone else can help me out here. Based on the scans, I do not believe this is a "normal" password reset vulnerability.
-
LWN ☛ Security updates for Wednesday
Security updates have been issued by Debian (knot-resolver and wpa), Fedora (chromium, kernel, thunderbird, and yarnpkg), Mageia (c-ares), Oracle (firefox, kernel, opensc, postgresql:13, postgresql:15, and thunderbird), Red Hat (edk2, gimp:2.8, and kernel), SUSE (bind, bluez, container-suseconnect, dnsdist, freerdp, gcc12, gcc7, glib2, gnutls, kernel, kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-t, libqt5-qtbase, libqt5-qtsvg, nodejs18, nodejs20, openssl, openssl-1_0_0, poppler, python-crcmod, python-cryptography, python-cryptography-vectors, python-pip, python-requests, python3-requests, python311, python39, rabbitmq-c, samba, sccache, shim, SUSE Manager 4.2, SUSE Manager Server 4.2, the Linux-RT Kernel, and thunderbird), and Ubuntu (less, openssl, php7.0, php7.2, php7.4, and tiff).
-
Security Week ☛ US Government Urges Cleanup of Routers Infected by Russia’s APT28
The US government says Russia’s APT28 group compromised Ubiquiti EdgeRouters to run cyberespionage operations worldwide.
-
Silicon Angle ☛ Biden issues executive order protecting Americans’ data from countries of concern
U.S. President Joe Biden today signed an executive order that will block the bulk transfer of Americans’ personal data to countries of concern. The White House announced the move today. Engadget reported that the countries of concern at the focus of the executive order are Russia, China, Iran, North Korea, Cuba and Venezuela.
-
New York Times ☛ Biden Issues Executive Order to Restrict Personal Data Sales to China and Russia
In an attempt to limit blackmail and other harm, he issued an executive order asking the Justice Department to write rules restricting sales to six countries.
-
Latvia ☛ Latvian activist could face charges for helping migrants
On Wednesday, February 28, the Latgale District Court in Rēzekne is hearing the criminal case of Ieva Raubiško, a member of the well-known human rights organization "I Want to Help Refugees", concerning events that took place a year ago on the border between Latvia and Belarus, Latvian Radio reports.
-
RFERL ☛ Former Coach Of Belarusian Athlete Banned For Five Years
The former coach of Belarus sprinter Krystsina Tsimanouskaya has been banned for five years by the Athletics Integrity Unit (AIU), which investigated allegations that Tsimanouskaya’s coaches attempted to force her to return home during the Tokyo Olympics.
-
Krebs On Security ☛ Calendar Meeting Links Used to Spread Mac Malware
Malicious hackers are targeting people in the cryptocurrency space in attacks that start with a link added to the target’s account at Calendly, a popular free calendar application for scheduling appointments and meetings. The attackers impersonate established cryptocurrency investors and ask to schedule a video conference call. But clicking the meeting link provided by the scammers prompts the user to run a script that quietly installs malware on macOS systems.
-
Scoop News Group ☛ Notorious ransomware group claims responsibility for attacks roiling US pharmacies [Ed: Windows TCO]
The group known as ALPHV said it was behind an attack that has disrupted a service used by healthcare providers to process payments.
-
Security Week ☛ Is XDR Enough? The Hidden Gaps in Your Security Net
When evaluating XDR, consider its value based on its ability to reduce complexity and improve threat detection and response times.
-
Security Week ☛ Hackers Steal Personal Information From Pharma Giant Cencora
Pharmaceutical solutions provider Cencora discloses a cyberattack that resulted in personal information being stolen from its systems.
-
WhichUK ☛ Which? investigation finds malware in TV boxes
A recent Which? investigation has found alarming security concerns with TV boxes that could put your home network at risk.
-
SANS ☛ Dissecting DarkGate: Modular Malware Delivery and Persistence as a Service., (Thu, Feb 29th)
-
Security Week ☛ Chinese Cyberspies Use New Malware in Ivanti VPN Attacks
Chinese threat actors target Ivanti VPN appliances with new malware designed to persist system upgrades.