
Tux Machines

# Security Leftovers

Posted by Roy Schestowitz on Feb 18, 2023

### After apparent hack, data from Australian tech giant Atlassian dumped online

> A hacking crew called SiegedSec posted data on what appears to be thousands of employees and floor plans for two of the company's offices.

### AMD's Ryzen Master Has a High Severity Vulnerability, Update Available

> AMD's Ryzen Master software has a bug that allows an attacker to take control of the system, but a new update fixes the issue.

### US government launches ‘strike force’ to combat Chinese and Russian technology threats

> Deputy Attorney General Lisa Monaco said the Disruptive Technology Strike Force will use intelligence and analytics to target illicit actors.

### Hacks, leaks and wipers: Google analyzes a year of Russian cyberattacks on Ukraine

> Google's report on the Ukraine war shows how Russia executed information operations and hacking campaigns to gain an advantage in cyberspace.

### HTML phishing attachment with browser-in-the-browser technique, (Thu, Feb 16th)

> Simply put, the technique is based on displaying a simulated browser pop-up window (usually a login prompt) within the confines of an HTML page opened in a browser. The simulated pop-up may look almost indistinguishable from a real browser window and since it may contain an arbitrary URL in the simulated address bar, the use of the BitB technique for phishing can be quite effective...

### Ubuntu Security: Best practices for securing your system

> Ubuntu is a popular Linux-based operating system that has gained considerable popularity over the years due to its user-friendly interface and ease of use. It is a highly customizable and versatile operating system suitable for personal and enterprise use.

### CISA Releases Fifteen Industrial Control Systems Advisories

> CISA released fifteen (15) Industrial Control Systems (ICS) advisories on February 16, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

> CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations:

### CISA Adds One Known Exploited Vulnerability to Catalog [Ed: Cacti flaw actively exploited]

> CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. This type of vulnerability is a frequent attack vector for malicious cyber actors and poses a significant risk to the federal enterprise. Note: To view the newly added vulnerabilities in the catalog, click on the arrow in the "Date Added to Catalog" column, which will sort by descending dates.

### FBI says cyber incident at New York field office ‘contained’

> The bureau is working to gain additional information about the reported cyberattack.

### Cisco Releases Security Advisories for Multiple Products

> Cisco has released security advisories for vulnerabilities affecting multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

### Sweetwater schools internet outage disrupts student learning and could last all week

> Days after a sweeping systems outage first disrupted student learning and forced teachers to remake their lessons, the Sweetwater Union High School District still hasn’t said what caused the outage or when it expects a fix.

### Exclusive: FBI says it has ‘contained’ cyber incident on bureau’s computer network

> The FBI has been investigating and working to contain a malicious cyber incident on part of its computer network in recent days, according to people briefed on the matter.

> FBI officials believe the incident involved an FBI computer system used in investigations of images of child sexual exploitation, two sources briefed on the matter told CNN.

### Data Breach Reported At Mount Pleasant Central School District | Mount Pleasant Daily Voice

> After the data breach was discovered on Friday, an investigation into the matter found that several passwords belonging to Grade 7 students in the district had been posted to a shared Google Classroom during the 2020-2021 school year. After this document was found, it was immediately removed.

### GoDaddy: Hackers stole source code, installed malware in multi-year breach

> Web hosting giant GoDaddy says it suffered a breach where unknown attackers have stolen source code and installed malware on its servers after breaching its cPanel shared hosting environment in a multi-year attack.

### BD issues cybersecurity alert for hacking risk found in Alaris infusion pump software

### Spain orders extradition of British alleged hacker to U.S.

> Spain’s National Court has agreed to the extradition to the U.S. of a British citizen who allegedly took part in computer attacks including the hacking in 2020 of Twitter accounts of public figures such as Joseph Biden, Barack Obama and Bill Gates as well as for extortion and theft via internet. A court statement Friday said requirements had been met for handing over Joseph James O’Connor to U.S. authorities for 14 charges covering crimes such as revelations of secrets, membership of a criminal gang, illegal access to computer systems, internet fraud and money laundering. O’Connor, 23, from Liverpool, England was arrested in the southern Spanish coastal town of Estepona in July 2021.

### Hackers backdoor Microsoft IIS servers with new Frebniis malware

> Hackers are deploying a new malware named 'Frebniis' on Microsoft's Internet Information Services (IIS) that stealthily executes commands sent via web requests.

> Frebniis was discovered by Symantec's Threat Hunter Team, who reported that an unknown threat actor is currently using it against Taiwan-based targets.

### Microsoft fixes three zero-days in its 75-flaw February Patch Tuesday