Security Leftovers
-
LWN ☛ Security updates for Monday
Security updates have been issued by Debian (dnsmasq, editorconfig-core, lemonldap-ng, proftpd-dfsg, python3.9, simplesamlphp, tgt, and xfpt), Fedora (qbittorrent, webkitgtk, and wireshark), Mageia (libsoup3 & libsoup), Red Hat (buildah, grafana, grafana-pcp, and podman), SUSE (gimp, kernel, postgresql14, python, webkit2gtk3, xen, and zabbix), and Ubuntu (ansible and postgresql-12, postgresql-14, postgresql-16).
-
Windows TCO
-
Scoop News Group ☛ Notorious ransomware developer charged with computer crimes in Russia
Russia’s prosecution of Matveev is notable given the country’s historical reluctance to pursue cybercriminals that operate within its own borders, particularly those whose activities align with state interests or target foreign adversaries. However, Russia has made exceptions recently, aligning with a broader crackdown on cybercriminals. Several members tied to the REvil ransomware gang were arrested in 2022, with Russian court proceedings taking place in October.
-
Security Week ☛ Two UK Hospitals Hit by Cyberattacks, One Postponed Procedures
Two National Health Service (NHS) hospitals in the UK disclosed cyberattacks last week, and at least one of the attacks was conducted by a ransomware group.
-
US News And World Report ☛ UK Facing Increased Hostile Activity in Cyberspace, Security Official Warns
Britain's cyber security chief warned on Tuesday of a rise in hostile activity in the country's cyberspace, with the number of incidents handled by officials rising by 16% in 2024 compared to a year ago.
-
The Record ☛ UK cyber chief warns country is ‘widely underestimating’ risks from cyberattacks
Citing the intelligence that NCSC has access to as an agency within GCHQ, Horne will warn that “hostile activity in UK cyberspace has increased in frequency, sophistication and intensity,” adding that despite growing activity from Russian and Chinese threat actors, the agency believes British society as a whole is failing to appreciate the severity of the risk.
-
The Record ☛ Energy industry contractor says ransomware attack has limited access to IT systems
“The preliminary investigation has revealed that a threat actor illegally accessed the Company’s information technology system and encrypted some of its data files,” the Oklahoma-based firm said.
ENGlobal Corporation has restricted employee access to its IT system, limiting it to only essential business operations. The company explained that it has taken several steps to address the issue, including starting an internal investigation and hiring external cybersecurity experts.
-
Modern Diplomacy ☛ Stuxnet: The Paradigm-Shifting Cyberattack, Implications and way forward
Stuxnet was more than just another piece of malware; it represented a paradigm alteration in how states could utilize cyber capabilities for strategic gain. Beyond its immediate target, its implications are far-reaching, modernizing cyber warfare and raising critical questions about ethics, national security, and global governance. Stuxnet was a masterwork in technology in contrast to earlier cyberattacks. Stuxnet was revolutionary because of its sophistication and precision, proving that cyber weapons could cause genuine harm in the physical world by moving beyond the digital domain. This established a new standard for cyberattacks by demonstrating the potential for state-sponsored operations to achieve premeditated goals without using traditional military means.
-
-
Confidentiality
-
Unmitigated Risk ☛ Government CAs and the WebPKI: Trust is Often the Opposite of Security
Following my recent post about another CA failing the “Turing test” with a likely MITM certificate issuance, let’s examine a troubling pattern: the role of government-run and government-affiliated CAs in the WebPKI ecosystem. While this incident brings attention to Microsoft’s root program, what is clear is that a fundamental contradiction persists: we’re trusting entities whose institutional incentives often directly conflict with the security goals of the WebPKI.
-
Unmitigated Risk ☛ Another CA Fails the Turing Test?
In a concerning development, yet another Certificate Authority (CA) has issued what is likely a man-in-the-middle (MITM) certificate—something strictly prohibited by all root programs. This particular case is unique because the CA is trusted only by Microsoft, making the situation both frustratingly familiar and uniquely problematic. Details are emerging in this Bugzilla thread.
-
-
Integrity/Availability/Authenticity
-
Rachel ☛ Just cracking an embedded root password, no big deal
... and if this means anything to you, then you'll also be glad to know that the default value for "PermitRootLogin" of "prohibit-password" should be in place so nobody can get into your device that way. Test it yourself to be sure if you're worried. I sure did.
-
9to5Google ☛ Google app for iOS now injects links back to Search on websites
Google has introduced a new feature on iOS that injects links on third-party websites that take users back to Google Search.
Recently, Google announced new “Page Annotations” within the Google app on iOS. This feature, as Google explains, “extracts interesting entities from the webpage and highlights them in line.” Effectively, it creates links on a website that you’ve opened through Google’s browser that the website’s owner did not put there. The links, when clicked, then perform a search on Google for that subject and open the search in a pop-up window on top of the third-party website.
-
[Old] EFF ☛ CALEA
EFF and a coalition of public interest, industry, and academic groups filed suit in 2005 challenging the Federal Communications Commission's (FCC) unjustified expansion of the Communications Assistance for Law Enforcement Act (CALEA). By forcing broadband Internet and interconnected voice over Internet Protocol (VoIP) services to become wiretap-friendly, the FCC ignored CALEA's plain language and threatened privacy, security, and innovation.
Congress passed the Communications Assistance for Law Enforcement Act (CALEA) in 1994 to make it easier for law enforcement to wiretap digital telephone networks. CALEA forced telephone companies to redesign their network architectures to make wiretapping easier. It expressly did not regulate data traveling over the Internet.
-