Security Leftovers

posted by Roy Schestowitz on Dec 24, 2025

• Bruce Schneier ☛ Denmark Accuses Russia of Conducting Two Cyberattacks

  News:

  The Danish Defence Intelligence Service (DDIS) announced on Thursday that Moscow was behind a cyber-attack on a Danish water utility in 2024 and a series of distributed denial-of-service (DDoS) attacks on Danish websites in the lead-up to the municipal and regional council elections in November.

  The first, it said, was carried out by the pro-Russian group known as Z-Pentest and the second by NoName057(16), which has links to the Russian state.

• Silicon Angle ☛ DDoS attack knocks France’s postal service La Poste offline during holiday peak

  France’s national postal service,  La Poste and its banking arm, La Banque Postale, were knocked offline on Monday in a distributed denial-of-service attack that disrupted services at the height of the Christmas season. The attack rendered La Poste’s online services, including its website, mobile applications, mail tracking and the Digiposte digital vault, unavailable across France.

• Security Week ☛ Cyberattack Disrupts France’s Postal Service and Banking During Christmas Rush

  A cyberattack knocked France’s national postal service offline, blocking and delaying package deliveries and online payments.

• LWN ☛ Security updates for Tuesday

  Security updates have been issued by AlmaLinux (binutils, curl, gcc-toolset-13-binutils, git-lfs, httpd, httpd:2.4, keylime, libssh, mod_md, openssh, php:8.3, podman, python3.12, python3.9, python39:3.9, skopeo, tomcat, tomcat9, and webkit2gtk3), Fedora (mingw-glib2, mingw-libsoup, and mingw-python3), Mageia (roundcubemail), Oracle (git-lfs and mod_md), and SUSE (glib2, kernel, mariadb, and qemu).

• Security Week ☛ Nissan Confirms Impact From Red Bait Data Breach

  The personal information of 21,000 customers was stolen after hackers compromised Red Hat’s GitLab instances.

• Security Week ☛ 3.5 Million Affected by University of Phoenix Data Breach

  The University of Phoenix is one of the many victims of the recent Oracle EBS hacking campaign attributed to the Cl0p ransomware group.

• Security Week ☛ 574 Arrested, $3 Million Seized in Crackdown on African Cybercrime Rings

  Authorities in Senegal, Ghana, Benin, and Cameroon dismantled BEC, ransomware, and other cyber-fraud networks.

• Security Week ☛ Feds Seize Password Database Used in Massive Bank Account Takeover Scheme

  The cybercriminals attempted to steal $28 million from compromised bank accounts through phishing.

• Daniel Kahn Gillmor: Hey Hi (AI) and Secure Messaging Don't Mix

  I just published an article titled AI and Secure Messaging Don't Mix.

  The blogpost assumes for the sake of the argument that people might actually want to have an Hey Hi (AI) involved in their personal conversations, and explores why Meta's Private Processing doesn't offer the level of assurance that they want it to offer.

• TechRadar ☛ Surfshark expands dedicated IP to Linux in its latest desktop update

  Linux users are finally getting more control and fewer login headaches

• Vice Media Group ☛ Surfshark’s Dedicated IP Is Now on Linux [Ed: VICE 'back' just to spew out spam]

  Say you’ve done the smart thing and have got yourself a virtual private network (VPN) to help anonymize your online activity and keep your browsing private, but you’re sick of the websites that detect you’re using a VPN and block you. There’s a fix for that.