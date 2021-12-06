Proprietary Leftovers
Apple hit with second iCloud services outage in two days
Okta [breach] puts thousands of businesses on high alert
Okta, an authentication company used by thousands of organizations around the world, has now confirmed an attacker had access to one of its employees’ laptops for five days in January 2022 and that around 2.5 percent of its customers may have been affected — but maintains its service “has not been breached and remains fully operational.”
The disclosure comes as [cracking] group Lapsus$ has posted screenshots to its Telegram channel claiming to be of Okta’s internal systems, including one that appears to show Okta’s Slack channels, and another with a Cloudflare interface.
[Crackers] hit authentication firm Okta, customers 'may have been impacted'
Chief Security Officer David Bradbury said in a blog post that a customer support engineer working for a third-party contractor had his computer accessed by the [crackers] for a five-day period in mid-January and that "the potential impact to Okta customers is limited to the access that support engineers have."
Software firm investigates digital breach
The software company said the breach could be related to an incident in January that was contained. Okta said it prevented the [attackers] from compromising the account of a third-party customer support engineer.
Okta changes tune, says about 375 customers hit by January incident [iophk: Windows TCO]
Identity services provider Okta has now changed its tune and says that 2.5% of its customers — which amounts to about 375 companies — have been affected by the January breach to which it admitted.
Why Don't You Use ...
These have all happened to me. Technology X may be too expensive because we're using another technology with a special discount that's confidential. If the reasons are under NDA, then I also cannot share it. In one case I was interested in a technology, only to have the CEO of the company that developed it, under NDA, tell me that he was abandoning it. They had not announced this publicly. I've also privately chatted with key technology contributors at conferences who are looking for something different to work on, because they believe their own technology is doomed.
At some companies, whatever reason may just be considered competitive knowledge and thus confidential.
Embrace. Extend. Extinguish.
A timeless strategy for technical products. One of the most effective forms of API warfare which Microsoft was (is) most notorious for. From a 1994 internal memo at Microsoft on a strategy for building the "killer app" for the budding [Internet].
The U.S. warns companies to stay on guard for possible Russian cyberattacks [iophk: Windows TCO]
Deputy National Security Adviser for Cyber and Emerging Technology Anne Neuberger called for companies to secure their systems, including implementing multifactor authentication, patching systems against known vulnerabilities, backing up data, running drills and engaging with federal authorities before a cyberattack happens.
[Old] What Are the Internet Domains Connected to the Conficker Botnet?
These days, while Conficker is no longer among the world’s top threats, users of older Windows operating systems (OSs) or so-called “legacy systems” may still be vulnerable to the threat. Examples of industries that may have such systems in their networks include banks, industrial control systems (ICS) operators, and utility companies.
This post sought to look at known Conficker indicators of compromise (IoCs) and find out if any of them remain online.
Microsoft confirms Lapsus$ [crackers] stole source code via ‘limited’ access
On Tuesday evening, after investigating, Microsoft confirmed the group that it calls DEV-0537 compromised “a single account” and stole parts of source code for some of its products. A blog post on its security site says Microsoft investigators have been tracking the Lapsus$ group for weeks, and details some of the methods they’ve used to compromise victims’ systems. According to the Microsoft Threat Intelligence Center (MSTIC), “the objective of DEV-0537 actors is to gain elevated access through stolen credentials that enable data theft and destructive attacks against a targeted organization, often resulting in extortion. Tactics and objectives indicate this is a cybercriminal actor motivated by theft and destruction.”
Nvidia’s [crackers] say they’ve stolen 37GB of Microsoft code
Is there such a thing as a “celebrity [cracker] team?” If so, there appears to be one on the rise. A few weeks ago Nvidia was [breached], with internal documents and even encryption keys leaked in the bizarre follow-up. Now the same team of [crackers] claims that it’s infiltrated Microsoft, making away with 37 gigabytes of proprietary source code. A torrent file containing at least some Microsoft projects has been distributed.
Hacking Group Starts Dumping Files Allegedly Stolen From Microsoft
‘Spam Nation’ Villain Vrublevsky Charged With Fraud
Pavel Vrublevsky, founder of the Russian payment technology firm ChronoPay and the antagonist in my 2014 book “Spam Nation,” was arrested in Moscow this month and charged with fraud. Russian authorities allege Vrublevsky operated several fraudulent SMS-based payment schemes, and facilitated money laundering for Hydra, the largest Russian darknet market. But according to information obtained by KrebsOnSecurity, it is equally likely Vrublevsky was arrested thanks to his propensity for carefully documenting the links between Russia’s state security services and the cybercriminal underground.
Linux History and Why Are There So Many Distros
Unix was a project created by Bell Labs Engineers in 1969 with the aim of being a uniform operating system for all. It had become hugely popular and many big giant companies started using it. In 1983, Richard Stallman developed the GNU project. It was created to be an open source operating system like UNIX but better. But the developers of GNU started developing the utilities of an operating system first and thought of creating the kernel later. In 1991 Finnish-American Linus Benedict Torvalds, who was a computer science student from Helsinki created an operating system kernel as a personal hobby project. It was based on MINIX or mini-Unix, which is a Unix-like operating system based on a microkernel architecture. He used the compiler used in GNU project, which we have discussed earlier.
Programming Leftovers
Proprietary Leftovers
How to Enable X11 and Disable Wayland Window System
There are multiple ways to switch from the Wayland window system to the X11 window system, such as follows: 1. Easily switch from Wayland to the X11 Window system from the lockscreen. 2. Modify /etc/gdm3/daemon.conf or /etc/gdm3/custom.conf to permanently disable Wayland.
