Security

Security: CII, Policy, Investment, and More

Filed under
Security

Security: Updates or Patches

Filed under
Security

Tails 3.2 is out

Filed under
Security
Debian

This release fixes many security issues and users should upgrade as soon as possible.


Security: Patches and Unpatched Systems

Filed under
Security

Security: "Bad Microsoft", Deloitte, Ransom, Equifax, Linux and Phish For the Future

Filed under
Security
  • Risky Business #471 -- Good Microsoft, bad Microsoft

    On this week’s show we’re taking a look at a mediocre response from Microsoft’s security response centre in the face of a fairly run-of-the-mill bug report. Our guest today found some Microsoft software was failing to validate SSL certificates. He reported it, but Microsoft said it wasn’t a security issue because, drum roll please, the attacker would require man in the middle to exploit the failure. Ummm. What?

  • Deloitte did little to ensure safety of data: claim

    The data breach at accountancy firm Deloitte shows that while the company may know a great deal about security, it appears to have done little to make sure that the vast amount of data it has is safe, the head of a cyber security firm claims.

  • SMBs paid US$301m as ransom in last year: survey

    Data protection company Datto has released the results of a ransomware survey based on data from 1700 managed service providers which shows that a sum of US$301 million was paid to attackers between the second quarter of 2016 and the second quarter of 2017.

  • Equifax CEO to collect $90 million: report

    Smith, who announced his retirement Tuesday, will collect about $72 million this year and $17.9 million in coming years, according to Fortune. This reportedly adds up to about 63 cents for each customer who was potentially exposed in the company’s data breach.

  • Linux Kernel Bug Reclassified as Security Issue After Two Years

    Multiple Linux distros are issuing security updates for OS versions that still use an older kernel branch after it recently came to light that a mild memory bug was in reality much worse, and the bug was recently categorized as a security flaw.

    The original bug was discovered by Michael Davidson, a Google employee, back in April 2015 and was fixed in Linux kernel 4.0.

  • Phish For the Future

    This report describes “Phish For The Future,” an advanced persistent spearphishing campaign targeting digital civil liberties activists at Free Press and Fight For the Future. Between July 7th and August 8th of 2017 we observed almost 70 spearphishing attempts against employees of internet freedom NGOs Fight for the Future and Free Press, all coming from the same attackers.

    This campaign appears to have been aimed at stealing credentials for various business services including Google, Dropbox, and LinkedIn. At least one account was compromised and was used to send out additional spearphishing emails to others in the organization. Because the compromised account had been neglected for years and contained no recent activity, we suspect the attackers were trying to leverage trust in order to compromise a more recent or high-value account. We were unable to determine what the secondary goal of the campaign was after the credentials were stolen. The attackers were remarkably persistent, switching up their attacks after each failed attempt and becoming increasingly creative with their targeting over time.

Security: Wi-Fi Patches, Equifax, Deloitte, NSA's EternalBlue Exploit and TalkTalk

Filed under
Security

Security: Deloitte, AWS, CCleaner, Equifax, Optionsbleed

Filed under
Security
  • Source: Deloitte Breach Affected All Company Email, Admin Accounts

    Deloitte, one of the world’s “big four” accounting firms, has acknowledged a breach of its internal email systems, British news outlet The Guardian revealed today. Deloitte has sought to downplay the incident, saying it impacted “very few” clients. But according to a source close to the investigation, the breach dates back to at least the fall of 2016, and involves the compromise of all administrator accounts at the company as well as Deloitte’s entire internal email system.

  • Security breach exposes data from half a million vehicle tracking devices

    The exposed data, which includes customer credentials, was unearthed through a misconfigured Amazon AWS S3 bucket that was left publicly available, and because it wasn't protected by a password, could allow anyone to pinpoint locations visited by customers of the vehicle tracking firm.

  • CCleaner backdoor infecting millions delivered mystery payload to 40 PCs

    At least 40 PCs infected by a backdoored version of the CCleaner disk-maintenance utility received an advanced second-stage payload that researchers are still scrambling to understand, officials from CCleaner's parent company said.

  • Will the Equifax Data Breach Finally Spur the Courts (and Lawmakers) to Recognize Data Harms?

    This summer 143 million Americans had their most sensitive information breached, including their name, addresses, social security numbers (SSNs), and date of birth. The breach occurred at Equifax, one of the three major credit reporting agencies that conducts the credit checks relied on by many industries, including landlords, car lenders, phone and cable service providers, and banks that offer credit cards, checking accounts and mortgages. Misuse of this information can be financially devastating. Worse still, if a criminal uses stolen information to commit fraud, it can lead to the arrest and even prosecution of an innocent data breach victim.

    Given the scope and seriousness of the risk that the Equifax breach poses to innocent people, and the anxiety that these breaches cause, you might assume that legal remedies would be readily available to compensate those affected. You’d be wrong.

    While there are already several lawsuits filed against Equifax, the pathway for those cases to provide real help to victims is far from clear.  That’s because even as the number and severity of data breaches increases, the law remains too narrowly focused on people who have suffered financial losses directly traceable to a breach.

  • New breach, same lessons

    The story of recent breaches at the credit-rating agency Equifax, which may have involved the personal details of nearly 150 million people, has probably just begun, given the confusion that still surrounds events. But it’s brought the security of open source software to the fore yet again, and highlighted the ongoing struggle organizations still have with cybersecurity.

  • Apache “Optionsbleed” vulnerability – what you need to know [Ed: The security FUD complex came up with a buzzword: Optionsbleed. But it fails to (over)sell this hype.]

Security: Deloitte, Ransomware, Equifax, Denmark, and macOS 0-Day

Filed under
Security
  • Deloitte hack exposes secret emails and plans from firm's blue-chip clients

    Hackers [sic] are said to have accessed confidential emails and plans of Deloitte's blue-chip clients, along with usernames, passwords, IP addresses, architectural diagrams for businesses and health information.

  • Deloitte hit by cyber-attack revealing clients’ secret emails

    Deloitte, which is registered in London and has its global headquarters in New York, was the victim of a cybersecurity attack that went unnoticed for months.

  • A quarter of local UK councils have fallen victim to ransomware

    115 councils (27 per cent) said they had been victims of security ransoms, while 43 per cent said they hadn't.

  • Equifax CEO Richard Smith Retires as Breach Fallout Continues

    Equifax's massive data breach has claimed another victim - Richard Smith, the company's CEO and Chairman of the Board. Equifax announced that Smith is retiring from his role at the company, effective Sept. 26.

    "The cybersecurity incident has affected millions of consumers, and I have been completely dedicated to making this right," Smith stated. "At this critical juncture, I believe it is in the best interests of the company to have new leadership to move the company forward."

    Equifax announced on Sept. 7 that it was the victim of a data breach that exposed personally identifiable information on 143 million Americans. The company initially reported that it first became aware of the breach on July 29, though subsequent reports have alleged that the company was breached as early as March.

  • Denmark continues its work on cyber security plan

    Denmark’s Ministry of Finance is to finalise Denmark’s national strategy for cyber and information security. The ministry recently took over coordination of the plans, which previously were being prepared by the Ministry of Defence. The strategy is to be presented early next year, reports Denmark’s Agency for Digitisation (Digitaliseringsstyrelsen - DIGST).

  • Password-theft 0-day imperils users of High Sierra and earlier macOS versions

    There's a vulnerability in High Sierra and earlier versions of macOS that allows rogue applications to steal plaintext passwords stored in the Mac keychain, a security researcher said Monday. That's the same day the widely anticipated update was released.

    The Mac keychain is a digital vault of sorts that stores passwords and cryptographic keys. Apple engineers have designed it so that installed applications can't access its contents without the user entering a master password. A weakness in the keychain, however, allows rogue apps to steal every plaintext password it stores with no password required. Patrick Wardle, a former National Security Agency hacker who now works for security firm Synack, posted a video demonstration here.

Security: Updates, CCleaner, and Capsule8

Filed under
Security
  • Security updates for Monday
  • CCleaner malware may be from Chinese group: Avast

    Security company Avast says it has found similarities between the code injected into CCleaner and the APT17/Aurora malware created by a Chinese advanced persistent threat group in 2014/2015.

  • Capsule8 Raises New Funds to Help Improve Container Security

    Container security startup Capsule8 is moving forward with beta customer deployments and a Series A round of funding, to help achieve its vision of providing a secure, production-grade approach to container security.

    The Series A round of funding was announced on Sept. 19, with the company raising $6 million, led by Bessemer and ClearSky, bringing total funding to date up to $8.5 million. Capsule8 first emerged from stealth in February 2017, though its core technology product still remains in private beta as the company fine-tunes the platform for production workload requirements.
