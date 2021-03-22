Security and Proprietary Software
Malicious Office 365 Apps Are the Ultimate Insiders [Ed: Office 360 itself is malicious]
Biden administration, Congress unite in effort to tackle ransomware attacks [iophk: Windows TCO]
Congress has also been paying greater attention to the threats from ransomware, with members on both sides of the aisle citing attacks in their districts on schools, governments, libraries and hospitals as key motivating factors in taking action.
Changing role of the board on cybersecurity
While it is the network security team that is responsible for preventing such a breach, increasingly, the company’s board is being examined in such cases more often than before. So, how can the board be ready if such an unforeseen event unfolds and how the direction to take corrective measures can come right from the top?
In our latest report we delve into the changing role of the board on cybersecurity to outline the following recommendations: [...]
They Told Their Therapists Everything. [Crackers] Leaked It All [iophk: Windows TCO]
Vastaamo ran the largest network of private mental-health providers in Finland. In a country of just 5.5 million—about the same as the state of Minnesota—it was the “McDonald’s of psychotherapy,” one Finnish journalist told me. And because of that, the attack on the company rocked all of Finland. Around 30,000 people are believed to have received the ransom demand; some 25,000 reported it to the police. On October 29, a headline in the Helsinki Times read: “Vastaamo [Cracking] Could Turn Into Largest Criminal Case in Finnish History.” That prediction seems to have come true.
RTF Report: Combatting Ransomware
2. The United States should lead by example and execute a sustained, aggressive, whole of government, intelligence-driven anti-ransomware campaign, coordinated by the White House. This must include the establishment of 1) an Interagency Working Group led by the National Security Council in coordination with the nascent National Cyber Director; 2) an internal U.S. Government Joint Ransomware Task Force; and 3) a collaborative, private industry-led informal Ransomware Threat Focus Hub.
Tesla Car [Cracked] Remotely From Drone via Zero-Click Exploit
The attack, dubbed TBONE, involves exploitation of two vulnerabilities affecting ConnMan, an internet connection manager for embedded devices. An attacker can exploit these flaws to take full control of the infotainment system of a Tesla without any user interaction.
Kubestriker: A security auditing tool for Kubernetes clusters
It performs a variety of checks on a range of services and open ports on the Kubernetes platform, helps safeguard against potential attacks on Kubernetes clusters by continuously scanning, monitoring and alerting of any anomalies, allows users to see components of the Kubernetes infrastructure, and visualizes attack paths (how hackers can advance their attacks by chaining misconfigured components in the Kubernetes cluster).
“Kubernetes has become a popular open-source platform for containerized workflows and a key building block for modern technology infrastructure. According to Gartner, by 2025 more than 85% of global organizations will be running containerized applications in production. This widespread popularity and lack of solid security measures in place have made Kubernetes the perfect target for attackers,” Kubestriker’s creator Vasant Chinnipilli, a security architect and DevSecOps practitioner, told Help Net Security.
today's howtos
Our future upgrade wave of Ubuntu 18.04 machines
Our future issue is that having a lot of 18.04 machines (some of them very critical ones) means that when Ubuntu 22.04 comes out next April, we'll have a lot of machines to upgrade in less than a year (since 18.04 will stop being supported at the end of April 2023). This is probably more unique machines than we've ever had to upgrade in one cycle, even if we assume that the machines users log in to are mostly simple to rebuild. Some of the machines, such as our fileservers, will take extensive testing all on their own.
Kernel Articles in LWN (Just Liberated From Paywall)
Z-Pi 7 Z-Wave gateway devkit works with Raspberry Pi and Orange Pi Zero boards
WiFi & Bluetooth are the most popular wireless protocols for home automation, alternatives like Zigbee and Z-wave have also been widely adopted, at least in some countries. And if you are interested in the latter, Aeotec has just introduced the Z-Pi 7 gateway development kit that lets you add Z-Wave connectivity to Raspberry Pi boards or Orange Pi Zero SBC with an expansion board connected over UART through the GPIO header.
