Tux Machines
Posted by Roy Schestowitz on Aug 17, 2024
Windows TCO and Microsoft Flukes
=> https://hackaday.com/2024/08/16/this-week-in-security-three-billion-ss-numbers-ipv6-rce-and-ring-2/ ↺ This Week In Security: Three Billion SS Numbers, IPv6 RCE, And Ring -2
You may have heard about a very large data breach, exposing the Social Security numbers of three billion individuals. Now hang on. Social Security numbers are a particularly American data point, and last time we checked there were quite a few Americans shy of even a half of a billion’s worth. As [Troy Hunt] points out, there are several things about this story that seem just a bit odd.
=> https://diffoscope.org/news/diffoscope-275-released/ ↺ Reproducible Builds (diffoscope): diffoscope 275 released
The diffoscope maintainers are pleased to announce the release of diffoscope version 275. This version includes the following changes:
* Update the test_zip.py text fixtures and definitions to support new changes to IO::Compress. (Closes: #1078050)
* Do not call marshal.loads(...) of precompiled Python bytecode as it is inherently unsafe. Replace, at least for now, with a brief summary of the code section of .pyc files. (Re: reproducible-builds/diffoscope#371)
* Don't bother to check the Python version number in test_python.py: the fixture for this test is deterministic/fixed.
=> https://lwn.net/Articles/985980/ ↺ Security updates for Friday
Security updates have been issued by Fedora (389-ds-base, dotnet8.0, python3.13, roundcubemail, thunderbird, and tor), Mageia (roundcubemail), Oracle (.NET 8.0, bind and bind-dyndb-ldap, bind9.16, container-tools:ol8, edk2, firefox, gnome-shell, grafana, httpd:2.4, jose, kernel, krb5, mod_auth_openidc:2.3, orc, poppler, python-urllib3, python3.11-setuptools, thunderbird, and wget), Red Hat (kernel), SUSE (apptainer, curl, kernel, kernel-firmware, libqt5-qtbase, python-aiosmtpd, and ucode-intel), and Ubuntu (bind9, gnome-shell, libreoffice, and orc).
=> https://www.securityweek.com/cloud-misconfigurations-expose-110000-domains-to-extortion-in-widespread-campaign/ ↺ Cloud Misconfigurations Expose 110,000 Domains to Extortion in Widespread Campaign
Security researchers at Palo Alto Networks discover a threat actor extorting organizations after compromising their cloud environments using inadvertently exposed environment variables.
=> https://cyberscoop.com/commerce-department-investigation-chinese-wifi-router-company/ ↺ House lawmakers push Commerce Department to probe Chinese Wi-Fi router company
The top representatives from the chamber’s U.S.-China competition committee want an investigation into TP-Link Technologies and an assessment of its national security risks.
=> https://www.pentestpartners.com/security-blog/insights-and-highlights-from-def-con-32/ ↺ Insights and highlights from DEF CON 32
TL;DR Event Dates: August 8-11, 2024, in Las Vegas. PTP Presentations: Backdoored Windows Hello: Our Ceri Coburn (with Outsider Security’s Dirk-Jan Mollema) revealed vulnerabilities in biometric authentication.
=> https://federalnewsnetwork.com/commentary/2024/08/moving-past-security-hurdles-to-interagency-collaboration/ ↺ Moving past security hurdles to interagency collaboration
The success or failure of a team is often judged by its ability to create solutions or make decisions efficiently.
=> https://www.securityweek.com/in-other-news-400-cnas-crash-reports-schlatter-cyberattack/ ↺ In Other News: 400 CNAs, Crash Reports, Schlatter Cyberattack
Noteworthy stories that might have slipped under the radar: there are 400 CVE Numbering Authorities, crash reports can be a valuable source of information, and Schlatter was hit by a cyberattack.
=> https://www.securityweek.com/solarwinds-web-help-desk-vulnerability-possibly-exploited-as-zero-day/ ↺ SolarWinds Web Help Desk Vulnerability Possibly Exploited as Zero-Day
The US cybersecurity agency CISA warns that a recent SolarWinds Web Help Desk vulnerability has been exploited in the wild.