Security and Windows TCO
-
LWN ☛ Security updates for Wednesday
Security updates have been issued by AlmaLinux (git, krb5, perl-CPAN, and rsync), Debian (tcpdf), Fedora (libmodsecurity, lua-http, microcode_ctl, and nextcloud), Red Hat (osbuild-composer), SUSE (389-ds, avahi, ca-certificates-mozilla, docker, expat, freetype2, glib2, gnuplot, gnutls, golang-github-teddysun-v2ray-plugin, golang-github-v2fly-v2ray-core, govulncheck-vulndb, helm, iperf, kernel, kernel-livepatch-MICRO-6-0_Update_2, kernel-livepatch-MICRO-6-0_Update_4, krb5, libarchive, libsoup, libsoup2, libtasn1, libX11, libxml2, libxslt, orc, podman, python-Jinja2, python-requests, python3-setuptools, python310, python311, python39, rubygem-rack, sslh, SUSE Manager Client Tools, SUSE Manager Client Tools and Salt Bundle, ucode-intel, util-linux, and wget), and Ubuntu (libvpx, linux, linux-aws, linux-aws-hwe, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux, linux-aws, linux-azure, linux-gcp, linux-gke, linux-gkeop, linux-ibm, linux-intel-iotg, linux-kvm, linux-lowlatency, linux-nvidia-tegra, linux-oracle, linux, linux-aws, linux-kvm, linux-aws, linux-lts-xenial, linux-aws-fips, linux-azure-fips, linux-fips, linux-gcp-fips, linux-aws-fips, linux-gcp-fips, linux-azure-fde, linux-fips, and linux-intel-iot-realtime, linux-realtime).
-
LWN ☛ System-wide encrypted DNS
The increasing sophistication of attackers has organizations realizing that perimeter-based security models are inadequate. Many are planning to transition their internal networks to a zero-trust architecture. This requires every communication on the network to be encrypted, authenticated, and authorized. This can be achieved in applications and services by using modern communication protocols. However, the world still depends on Domain Name System (DNS) services where encryption, while possible, is far from being the industry standard. To address this we, as part of a working group at Red Hat, worked on fully integrating encrypted DNS for Linux systems—not only while the system is running but also during the installation and boot process, including support for a custom certificate chain in the initial ramdisk. This integration is now available in CentOS Stream 9, 10, and the upcoming Fedora 43 release.
-
Windows TCO / Windows Bot Nets
-
The Register UK ☛ Ransomware scum leak patient data after disrupting services
Earlier today, ransomware gang Interlock dumped 941 GB of data purportedly belonging to the healthcare provider.
The stolen information appears to include ID cards, payment data, purchasing and financial reports, among a ton of other patient and staff details, and encompasses 732,490 files across 20,418 folders, according to the leak site.
-
Wired ☛ The US Grid Attack Looming on the Horizon
Insurance underwriter Lloyd’s of London has looked at the effects of such an outage. In this hypothetical, first drafted in 2015 but updated in the years since, Lloyd’s estimates that a Trojan virus that manages to infect just 50 generators—removing 10 percent of the grid’s total power—can trigger this cascade effect and knock out power for most of the East Coast, including New York City and Washington, DC. The Lloyd’s report states that this is an “extreme” but “not unrealistic scenario.”
-
The Register UK ☛ Play ransomware groups use SimpleHelp flaw: FBI
"Ransom notes do not include an initial ransom demand or payment instructions; rather, victims are instructed to contact the threat actors via email," the FBI, Cybersecurity and Infrastructure Security Agency, and Australian Signals Directorate's Cyber Security Centre said in a June 4 update to an earlier Play ransomware alert.
The update includes new tactics, techniques, and procedures Play uses, along with current indicators of compromise to help network defenders protect their organizations from the ransomware crew.
-