Security Leftovers
-
LWN ☛ Security updates for Monday
Security updates have been issued by AlmaLinux (openssh), Debian (krb5), Fedora (yt-dlp), Gentoo (firefox, KDE Plasma Workspaces, Stellarium, thunderbird, and X.Org X11 library), Mageia (python-js2py and znc), Oracle (389-ds, c-ares, container-tools, cups, go-toolset, httpd:2.4/httpd, iperf3, kernel, less, libreoffice, libuv, nghttp2, openldap, openssh, python-idna, python-jinja2, python-pillow, python3, python3.11-PyMySQL, and xmlrpc-c), Red Hat (kernel, kernel-rt, openssh, and virt:rhel and virt-devel:rhel modules), and SUSE (go1.21, go1.22, krb5, kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-t, netty3, opera, and python-urllib3).
-
Silicon Angle ☛ New APT group CloudSorcerer uses cloud services to target Russian government entities
Security researchers at Securelsit by Kaspersky today detailed a new advanced persistent threat group that’s targeting Russian government entities in what appears to be another uptick in geopolitical-linked hacking. Dubbed CloudSorcerer, the group uses a sophisticated cyber espionage tool for stealth monitoring, data collection and exfiltration via Abusive Monopolist Microsoft Graph, Yandex Cloud and Dropbox cloud infrastructure.
-
Security Week ☛ Kaspersky Flags Cyberespionage APT ‘CloudSorcerer’ Targeting Russian Government
Kaspersky said the CloudSorcerer APT has been abusing public cloud services to exfiltrate data from Russian government entities.
-
Federal News Network ☛ When cybersecurity becomes a personal matter
Cybersecurity becomes almost a personal matter when you're working in a war zone and information superiority is a must.
-
OpenSSF (Linux Foundation) ☛ Learn How To Develop Secure Software!
The Open Source Security Foundation (OpenSSF), in partnership with 'Linux' Foundation Training & Certification, offers a free online training course, Developing Secure Software (LFD121). Those who complete the course and pass the final exam will earn a free certificate of completion valid for two years.
-
Pen Test Partners ☛ Pen testing cruise ships
New build ships contracted for build from 1st July 2024 must comply with IACS UR E26 & 27.
-
Security Week ☛ Hacked Ethereum Foundation Account Used to Send 35,000 Phishing Emails
A threat actor sent over 35,000 phishing emails after hacking into Ethereum Foundation's account on a mailing list platform.
-
Security Week ☛ Supreme Court Ruling Threatens the Framework of Cybersecurity Regulation
The Supreme Court's striking down of the Chevron Doctrine will have a major effect on the determination and enforcement of cyber regulation in the US.
-
Security Week ☛ Former Nuance Employee Arrested After Geisinger Data Breach Exposed 1.2 Million Records
A class action lawsuit was filed against Geisinger for failing to properly secure patients’ personal and health information.
-
Security Week ☛ Attackers Exploiting Remote Code Execution Vulnerability in Ghostscript
Vulnerability in Ghostscript (CVE-2024-29510) allows attackers to bypass sandbox for remote code execution.
-
Security Week ☛ Cloudy with a Chance of Cyberattack: Understanding LOTC Attacks and How ZTNA Can Prevent Them
With Living Off the Cloud (LOTC) attacks, hackers abuse Hey Hi (AI) of trusted cloud services to remotely control botnets but also to make malicious traffic appear as trusted cloud traffic.
-
Silicon Angle ☛ Investor confidence boosts cybersecurity funding to $3.3B in second quarter
A new report today from cybersecurity recruitment firm Pinpoint Search Group has found that cybersecurity funding surged in the second quarter after the industry underwent considerable changes over the last year. Pinpoint’s research team recorded 120 transactions in the cybersecurity market in the second quarter, totaling $3.3 billion across 98 funding rounds and 22 mergers and acquisitions.
-
Silicon Angle ☛ New ‘RockYou2024’ password dump raises global cybersecurity alarms
People who reuse passwords across multiple sites are at the top of the list of those who should be seriously concerned following the sharing on July 4 of nearly 10 billion unique plaintext passwords on the infamous hacking site BreachForums.
-
Windows TCO
-
Bruce Schneier ☛ On the CSRB’s Non-Investigation of the SolarWinds Attack
ProPublica has a long investigative article on how the Cyber Safety Review Board failed to investigate the SolarWinds attack, and specifically Microsoft’s culpability, even though they were directed by President Biden to do so.
-