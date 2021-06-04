Security and Proprietary Software Leftovers
Ukrainian Police Nab Six Tied to CLOP Ransomware
Authorities in Ukraine this week charged six people alleged to be part of the CLOP ransomware group, a cybercriminal gang said to have extorted more than half a billion dollars from victims. Some of CLOP’s victims this year alone include Stanford University Medical School, the University of California, and University of Maryland.
Security updates for Wednesday
Security updates have been issued by Debian (prosody, python-urllib3, and xen), Fedora (dino, dotnet3.1, dotnet5.0, and vmaf), Oracle (gupnp, kernel, and kernel-container), Red Hat (gupnp), Scientific Linux (kernel), SUSE (java-1_8_0-openjdk, kernel, snakeyaml, and xorg-x11-libX11), and Ubuntu (bluez).
Microsoft Teams security flaw left users defenseless against serious cyberattacks
Microsoft Teams exploit exposed sensitive files, emails and chat logs
Security flaw found in 2G mobile data encryption standard
Cybersecurity researchers in Europe say they have discovered a flaw in an encryption algorithm used by cellphones that may have allowed attackers to eavesdrop on some data traffic for more than two decades.
In a paper published Wednesday, researchers from Germany, France and Norway said the flaw affects the GPRS - or 2G - mobile data standard.
The vulnerability in the GEA-1 algorithm is unlikely to have been an accident, the researchers said. Instead, it was probably created intentionally to provide law enforcement agencies with a “backdoor” and comply with laws restricting the export of strong encryption tools.
FBI's Recovery Of Colonial Pipeline Bitcoin Ransom Highlights How The 'Ban Crypto To Stop Ransomware' Cries Were Wrong Again
Last month we highlighted what seemed like a fairly silly Wall Street Journal op-ed arguing that banning cryptocurrency was the best way to stop ransomware, in response (mainly) to the well publicized ransomware attack on Colonial Pipeline, which resulted in the company shutting down the flow of oil while it sorted things out. As we pointed out, not only was the idea of banning cryptocurrency unworkable, it was unlikely to do much to stop ransomware. Unfortunately, it appears that a number of other cryptocurrency haters jumped on this moment to push the idea even further, claiming that "society has a Bitcoin problem."
Ryuk ransomware recovery cost us $8.1m and counting, says Baltimore school authority [iophk: Windows TCO]
An organisation whose network was infected by Ryuk ransomware has spent $8.1m over seven months recovering from it – and that’s still not the end of it, according to US news reports.
The sum, spent by Baltimore County Public Schools, will doubtless raise some eyebrows and the public breakdown of the costs will be eye-opening for the infosec industry and potential corporate ransomware victims alike.
A spreadsheet obtained by Fox 45 News Baltimore, a TV station, revealed the $8.1m spending and also broke it down into individual line items.
AWS S3 Glacier Deep Archive - Difficulty deleting files with accents
And to the second point, it gets more complicated with S3 Glacier Deep Archive, because I'm used to some operations taking 12 hours or longer, so I got lazy and didn't double-check on the delete operations.
The methods and menace of the new bank robbers [iophk: Windows TCO]
Such activity represents the handiwork of a new breed of bank robber. Forget the hold-ups of yore. Today’s smartest [crackers] are likely to be backed by rogue states, such as North Korea and, to a lesser extent, Iran, or tolerated by countries such as Russia and China. They benefit from unprecedented resources and protection from law-enforcement agencies. As well as attempting to empty accounts, they also target data for insider trading.
As one of the first industries to offer online transactions, banks have been fending off [crackers] since the dawn of the [Internet]. They spend more on cyber-security than any other sort of firm—$2,691 per employee—and manage to foil a lot of the attempted thefts. Nonetheless, since 2016, no industry has suffered more from attacks than banks (see chart).
GNU Projects: Coreutils, Taler, and gdbm
Android Leftovers
Kernel: LWN and Phoronix Article (Without Paywall and New, Respectively)
7 Best Free and Open Source HTML Editors
An HTML editor is computer software for creating web pages. As this type of editor helps to remove the frustration out of creating web pages, it represents an indispensable tool for graphic and web designers. Specialized HTML editors provide convenience and added functionality. There are three main types of HTML editors. The most common type is the WYSIWYG HTML editor. Here the editor provides an editing interface which resembles how the page will be displayed in a web browser. This is achieved by embedding a layout engine. For example, in the case of BlueGriffon, the layout engine that is used is Gecko, which is also used in the Firefox web browser. The other types of editor are text source editors and object editors.
