Security Leftovers and Windows TCO
Date: 2024-04-26
Dark Reading ☛ 3 DPRK APTs Spied on South Korea Defense Industry
Lazarus, Kimsuky, and Andariel all got in on the action, stealing "important" data from firms responsible for defending their southern neighbors (from them).
Security Week ☛ Google Patches Critical Chrome Vulnerability
Google patches CVE-2024-4058, a critical Chrome vulnerability for which researchers earned a $16,000 reward.
IT Wire ☛ Outsourcing firm OracleCMS affected by 'cyber-security incident'
"Upon discovery, OracleCMS engaged external cyber-security experts to help us secure our systems and investigate the incident," the company said.
"Available evidence suggests that the impacted data is limited to corporate information, contract details, invoices, and triage process workflows.
SANS ☛ Does it matter if iptables isn't running on my honeypot, (Thu, Apr 25th)
I've been working on comparing data from different DShield honeypots to understand differences when the honeypots reside on different networks. One point of comparison is malware submitted to the honeypots.
LinuxSecurity ☛ Tails 6.2 Improves Security, Expands Multilingual Support
Tails 6.2 is a new GNU/Linux distribution release that expands its multilingual support and improves security features. The distribution is a Debian-based operating system that enables users to remain incognito online and securely browse the web.
OpenSSF (Linux Foundation) ☛ Spotlight on the OpenSSF AI/ML Working Group [Ed: Microsoft front group promoting Microsoft hype]
What do open source software, security and AI/ML have in common?
Bleeping Computer ☛ GitHub comments abused to push malware via Microsoft repo URLs [Ed: This Microsoft connected site makes Microsoft seem like the victim rather than the enabler]
A GitHub flaw, or possibly a design decision, is being abused by threat actors to distribute malware using URLs associated with Microsoft repositories, making the files appear trustworthy.
LWN ☛ GitHub comments used to distribute malware (BleepingComputer)
BleepingComputer reported on April 20 that some malware was being distributed via Microsoft's proprietary prison GitHub. Uploading files as part of a comment gives them a URL that appears to be associated with a repository, even if the comment is never posted.
Security Week ☛ Cisco Raises Alarm for ‘ArcaneDoor’ Zero-Days Hitting ASA Firewall Platforms
Cisco warns that nation state-backed hackers are exploiting at least two zero-day vulnerabilities in its ASA firewall platforms to plant malware on telecommunications and energy sector networks.
Netcraft ☛ Autodesk hosting PDF files used in Abusive Monopolist Microsoft phishing attacks
Autodesk is hosting malicious PDF files that lead phishing attack victims to have their Abusive Monopolist Microsoft login credentials stolen.
TechCrunch ☛ Kaiser to notify millions of a data breach after sharing patients’ data with advertisers
U.S. health conglomerate Kaiser is notifying millions of current and former members of a data breach after confirming it shared patients’ information with third-party advertisers, including Google, Microsoft and X (formerly Twitter).
In a statement shared with TechCrunch, Kaiser said that it conducted an investigation that found “certain online technologies, previously installed on its websites and mobile applications, may have transmitted personal information to third-party vendors.”
Multiple Squid Vulnerabilities Fixed in Ubuntu
The Ubuntu security team has recently rolled out critical security updates aimed at addressing several vulnerabilities identified in Squid, a widely used web proxy cache server. These vulnerabilities, if left unaddressed, could potentially expose systems to denial-of-service attacks. Let’s delve into the specifics of these vulnerabilities and understand their implications.
Dark Reading ☛ Chinese Keyboard Apps Open 1B People to Eavesdropping
Eight out of nine apps that people use to input Chinese characters into mobile devices have security vulnerabilities that allow a passive eavesdropper to collect keystroke data.
Windows TCO
Ars Technica ☛ Windows vulnerability reported by the NSA exploited to install Russian malware
Microsoft didn't disclose the in-the-wild exploits by Kremlin-backed group until now.
Dark Reading ☛ Russia's Fancy Bear Pummels Windows Print Spooler Bug
The infamous Russian threat actor has created a custom tool called GooseEgg to exploit CVE-2022-38028 in cyberespionage attacks against targets in Ukraine, Western Europe, and North America.
Security Week ☛ North Korean Hackers Hijack Antivirus Updates for Malware Delivery
A North Korea-linked threat actor hijacked the update mechanism of eScan antivirus to deploy backdoors and cryptocurrency miners.
Silicon Angle ☛ Coalition reveals uptick in cyber insurance claims driven by ransomware in 2023
A new report released today by cybersecurity insurance startup Coalition Inc. details a rise in cyber insurance claims in 2023, primarily driven by ransomware claims. In 2023, Coalition saw a 13% year-over-year increase in claims, but that was below an historic high in 2021.
