Date: 2021-12-06
Security Leftovers
Ubiquiti sues Krebs on Security for defamation
Network equipment maker Ubiquiti on Tuesday filed a lawsuit against infosec journalist Brian Krebs, alleging he defamed the company by falsely accusing the firm of covering up a cyber-attack.
On March 30, 2021, Krebs reported that Ubiquiti had disclosed a January breach involving a third-party cloud provider, later revealed to be AWS, and that an unnamed source within the firm had claimed the company was downplaying a catastrophic compromise.
On December 1, 2021, the US Department of Justice charged former Ubiquiti software engineer Nickolas Sharp, accusing him of attempting to steal data from the company and to extort $2 million from the firm in Bitcoin ransom as part of an effort to reduce the price of Ubiquiti shares. The DoJ said that after Ubiquiti refused Sharp's payment demand, he tried to sink the company's shares by publishing stolen files and engaging in a media campaign to plant damaging stories about the firm.
Zlib crash-an-app bug finally squashed, 17 years later
The widely used Zlib data-compression library finally has a patch to close a vulnerability that could be exploited to crash applications and services — four years after the vulnerability was first discovered but effectively left unfixed.
Google Project Zero bug hunter Tavis Ormandy alerted the Open-Source-Software-Security mailing list about the programming blunder, CVE-2018-25032, which he found while trying to pinpoint the cause of a compressor crash.
"I reported it upstream, but it turns out the issue has been public since 2018, but the patch never made it into a release," Ormandy wrote. "As far as I know, nobody ever assigned it a CVE."
Plus, when the issue was reported in April 2018 by Eideticom's Danilo Ramos, it was already 13 years old — meaning this bug has been around, and awaiting potential exploit, for 17 years.
Vault Vision announces expanded security capabilities with OpenID Foundation and FIDO Alliance partnerships
Vault Vision, a leading technology provider of identity and authentication management solutions, announced a partnership with the OpenID Foundation and the FIDO Alliance. Vault Vision’s new partnerships come at a time when 40 percent of American users have had their online data compromised, according to Google. The shift away from password-based authentication is accelerating with the total market for expected to reach $53.6 billion by 2030, a staggering increase from $15.6 billion in 2022, according to Statista.
