Proprietary Spin and Security Leftovers
Date: 2021-12-06
Lapsus$ Gang Says it Has Breached Okta and Microsoft
After breaching NVIDIA and Samsung and stealing and leaking those companies’ proprietary data, the Lapsus$ cyber extortion gang has announced that they have popped Microsoft and Okta.
[...]
If Lapsus$’s assertions prove to be true, this (previously) relatively unknown hacking group has quickly become another threat actor that big corporations have to worry about.
Activists are targeting Russians with open-source "protestware" | MIT Technology Review [Ed: MIT Technology Review is blaming "open source" for Microsoft shipping malware]
Activists are targeting Russians with open-source "protestware" (Technology Review) [Ed: MIT Technology Review basically blames the victims of Microsoft for what Microsoft is doing; see comments]
MIT Technology Review has taken a brief look at open-source projects that have added changes protesting the war in Ukraine and drawn some questionable conclusions...
Corrupted open-source software enters the Russian battlefield [Ed: Steven Vaughan-Nichols now helps Microsoft by spinning Microsoft shipping malware as an "open source" issue]
It started as an innocent protest. Npm, JavaScript's package manager maintainer RIAEvangelist, Brandon Nozaki Miller, wrote and published an open-code npm source-code package called peacenotwar. It did little except add a protest message against Russia's invasion of Ukraine. But then, it took a darker turn: It began destroying computers' file systems.
Delta Electronics DIAEnergie [Ed: Microsoft SQL 'Server']
Delta Electronics DIAEnergie (Update [Ed: Microsoft SQL 'Server']
FBI and FinCEN Release Advisory on AvosLocker Ransomware [Ed: AvosLocker is a ransomware group that was identified in 2021, specifically targeting Windows machines; FBI and CISA do not even name Microsoft or Windows, as usual. Microsoft cannot defend Windows (too many back doors and defects), so the best it can do is pay the media to stay quiet, change the topic, or blame the wrong parties.]
The Federal Bureau of Investigation (FBI) and the Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) have released a joint Cybersecurity Advisory identifying indicators of compromise associated with AvosLocker ransomware. AvosLocker is a ransomware-as-a-service affiliate-based group that has targeted victims across multiple critical infrastructure sectors in the United States including, but not limited to, the Financial Services, Critical Manufacturing, and Government Facilities sectors.
Security updates for Tuesday [LWN.net]
Security updates have been issued by Debian (apache2 and thunderbird), Fedora (abcm2ps, containerd, dotnet6.0, expat, ghc-cmark-gfm, moodle, openssl, and zabbix), Mageia (389-ds-base, apache, bind, chromium-browser-stable, nodejs-tar, python-django/python-asgiref, and stunnel), openSUSE (icingaweb2, lapack, SUSE:SLE-15-SP4:Update (security), and thunderbird), Oracle (openssl), Slackware (bind), SUSE (apache2, bind, glibc, kernel-firmware, lapack, net-snmp, and thunderbird), and Ubuntu (binutils, linux, linux-aws, linux-aws-5.13, linux-gcp, linux-hwe-5.13, linux-kvm, linux-raspi, linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gke, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, and linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-dell300x, linux-hwe, linux-gcp-4.15, linux-kvm, linux-oracle, linux-snapdragon).
Drupal Releases Security Updates | CISA
Drupal has released security updates to address a vulnerability affecting Drupal 9.2 and 9.3. An attacker could exploit this vulnerability to take control of an affected system.
Qualys : Implications of Windows Subsystem for Linux for Adversaries & Defenders (Part 1) [Ed: WSL is an attack on Linux, it's Windows in disguise, and firms should quit using Microsoft's attack on Linux as a pretext for bashing the security of GNU/Linux]
SBOMs Supporting Safety Critical Software [Ed: This isn't the solution, this is the LF acting as a marketing proxy for sponsors]
LabPlot 2.9 Beta
After a long silence from us, we are happy to announce the start of the beta phase for the upcoming LabPlot 2.9 release. Over the past weeks, we have spent a significant amount of time fixing the outstanding issues and polishing new features. Some of the major new features were introduced in our recent blog posts, and many other new features are mentioned in our ChangeLog file.
