Security Leftovers
-
Scoop News Group ☛ Hundreds of Salesfarce customers impacted by attack spree linked to third-party Hey Hi (AI) agent
A threat group Surveillance Giant Google tracks as UNC6395 systematically stole large amounts of data from Salesfarce customer instances by using OAuth tokens stolen from Salesloft Drift, researchers said.
-
Zimbabwe ☛ The Irony: Malware Found in the Play Store as Surveillance Giant Google Cracks Down on Apps Outside It
Well, well, well. As if we planned it, the internet ecosystem has a wicked sense of humour.
-
Scoop News Group ☛ Researchers flag code that uses Hey Hi (AI) systems to carry out ransomware attacks
The malware, called PromptLock, essentially functions as a hard-coded prompt injection attack on a large language model, inspecting local filesystems, exfiltrating files and encrypting data.
-
Silicon Angle ☛ Attackers exploit Zoom and Teams impersonations to deliver ScreenConnect malware
A new report out today from human behavior security company Abnormal Hey Hi (AI) Inc. details how attackers are currently exploiting the trust users place in everyday workplace communications to deliver remote access malware.
-
Scoop News Group ☛ Court ruling in Epic-Google fight could have ‘catastrophic’ cyber consequences, former gov’t officials say
The group of experts sided with Surveillance Giant Google against the makers of Fortnite in the long-running antitrust battle.
-
SANS ☛ Getting a Better Handle on International Domain Names and Punycode, (Tue, Aug 26th)
International domain names (IDN) continue to be an interesting topic. For the most part, they are probably less of an issue than some people make them out to be, given that popular browsers like Surveillance Giant Google Chrome are pretty selective in displaying them. But on the other hand, they are still used, legitimately or not, and keeping a handle on them is interesting.
-
Tom's Hardware ☛ Ransomware attack disrupts Maryland's public transit service for disabled travelers — MTA says it is investigating cybersecurity incident but core services operating normally
The service, Mobility, was unable to accept requests for rides or changes to already-booked rides following a ransomware attack.
-
Security Week ☛ Organizations Warned of Exploited Git Vulnerability
CISA urges federal agencies to immediately patch an exploited arbitrary file write vulnerability in Git that leads to remote code execution.
-
Security Week ☛ Hundreds of Thousands Affected by Auchan Data Breach
Auchan confirms that the personal information of hundreds of thousands of customers was stolen in a data breach.
-
Security Week ☛ AI Systems Vulnerable to Prompt Injection via Image Scaling Attack
Researchers show how popular Hey Hi (AI) systems can be tricked into processing malicious instructions by hiding them in images.
-
Security Week ☛ Docker Desktop Vulnerability Leads to Host Compromise
A critical vulnerability in Docker Desktop allows attackers to modify the filesystem of backdoored Windows hosts to become administrators.
-
Security Week ☛ Healthcare Services Group Data Breach Impacts 624,000
The personal information of many individuals was stolen from Healthcare Services Group’s computer systems in 2024.
-
Security Week ☛ Beyond the Prompt: Building Trustworthy Agent Systems
Building secure Hey Hi (AI) agent systems requires a disciplined engineering approach focused on deliberate architecture and human oversight.
-
Federal News Network ☛ CISA’s new SBOM update reflects steady rise in adoption
CISA's draft SBOM minimum elements guide provides agencies with an updated outline for how to use the software ingredients lists.
-
Federal News Network ☛ Lawmaker calls for an independent review of cybersecurity in the U.S. courts system
Sen. Ron Wyden (D-Ore.) said the federal Judiciary has fallen short in protecting its sensitive IT systems.
-
Scoop News Group ☛ DOGE employees uploaded Social Security database to ‘vulnerable’ cloud, agency whistleblower says
-
Silicon Angle ☛ Whistleblower says DOGE copied Social Security data to insecure cloud environment
A senior official at the U.S. Social Security Administration today filed a whistleblower complaint over DOGE’s access to agency data. The official, SSA Chief Data Officer Chuck Borges, is represented by the nonprofit Government Accountability Project. The whistleblower complaint is addressed to members of Congress and the U.S. Office of Special Counsel.
-
Federal News Network ☛ SSA whistleblower warns of major security risk following DOGE data access
A whistleblower at SSA said DOGE officials uploaded Social Security’s entire dataset to a vulnerable cloud system, without security or oversight measures.
-
Bruce Schneier ☛ Encryption Backdoor in Military/Police Radios
I wrote about this in 2023. Here’s the story:
Three Dutch security analysts discovered the vulnerabilities—five in total—in a European radio standard called TETRA (Terrestrial Trunked Radio), which is used in radios made by Motorola, Damm, Hytera, and others. The standard has been used in radios since the ’90s, but the flaws remained unknown because encryption algorithms used in TETRA were kept secret until now.
There’s new news:
In 2023, Carlo Meijer, Wouter Bokslag, and Jos Wetzels of security firm Midnight Blue, based in the Netherlands, discovered vulnerabilities in encryption algorithms that are part of a European radio standard created by ETSI called TETRA (Terrestrial Trunked Radio), which has been baked into radio systems made by Motorola, Damm, Sepura, and others since the ’90s.
-
LWN ☛ Security updates for Tuesday
Security updates have been issued by Debian (ffmpeg, firebird3.0, and luajit), Fedora (chromium, python3-docs, and python3.13), Oracle (aide, firefox, glibc, libxml2, and tomcat), Red Hat (aide, git, kernel, kernel-rt, libarchive, pam, python-cryptography, python3, python3.12, and webkit2gtk3), SUSE (cmake3, ffmpeg-4, kernel, kubernetes1.18, libqt4, minikube, net-tools, pam, postgresql16, proftpd, python-urllib3, python311, python312, python36, tomcat10, tomcat11, and webkit2gtk3), and Ubuntu (nginx).
-
Linux Magazine ☛ RingReaper Malware Poses Danger to GNU/Linux Systems
A new kind of malware exploits modern Linux kernels for I/O operations.
-
How Cybercriminals Are Exploiting Cloud Misconfigurations—And What You Can Do