Tux Machines

Security Leftovers

Posted by Roy Schestowitz on Feb 22, 2023

today's howtos

GParted 1.5 Enables Repair When Checking exFAT File Systems

Apple Updates Advisories as Security Firm Discloses New Class of Vulnerabilities

↺ Apple Updates Advisories as Security Firm Discloses New Class of Vulnerabilities

> Apple has updated its security advisories to add new iOS and macOS vulnerabilities, including ones belonging to a new class of bugs.

AI Helps Crack NIST-Recommended Post-Quantum Encryption Algorithm

↺ AI Helps Crack NIST-Recommended Post-Quantum Encryption Algorithm

> The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.

CVSS system criticized for failure to address real-world impact

↺ CVSS system criticized for failure to address real-world impact

> JFrog argues vulnerability risk metrics need complete revamp

Phishing Page Branded with Your Corporate Website, (Tue, Feb 21st)

↺ Phishing Page Branded with Your Corporate Website, (Tue, Feb 21st)

> Here is another perfect example that shows how attackers abuse free services...

The Insecurity of Photo Cropping

↺ The Insecurity of Photo Cropping

> The Intercept has a long article on the insecurity of photo cropping:

↺ long article

↺ long article

HardBit Ransomware Offers to Set Ransom Based on Victim’s Cyberinsurance

↺ HardBit Ransomware Offers to Set Ransom Based on Victim’s Cyberinsurance

> HardBit ransomware operators want to work with victims to negotiate a ransom behind the back of cyberinsurance companies.

Sobeys admits to data breach in November 2022 | CTV News

↺ Sobeys admits to data breach in November 2022 | CTV News

> Months after a suspected cyberattack shutdown pharmacy services for a number of days, the Maritime company that owns Sobeys is alerting customers and employees, past and present, about a data breach of personal information.

[Cr]ackers Scored Data Center Logins for Some of the World's Biggest Companies

↺ [Cr]ackers Scored Data Center Logins for Some of the World's Biggest Companies

> In an episode that underscores the vulnerability of global computer networks, hackers got ahold of login credentials for data centers in Asia used by some of the world’s biggest businesses, a potential bonanza for spying or sabotage, according to a cybersecurity research firm.

St. Paul, Minnesota: KFI Engineers pays $300k ransom, Black Basta ransomware group thanks...

↺ St. Paul, Minnesota: KFI Engineers pays $300k ransom, Black Basta ransomware group thanks...

> A negotiation that lasted a few days was enough for the group of cybercriminals Black Basta to pocket a ransom of $300k, the initial amount requested by the ransomware group was $600k.

> The American company KFI Engineers, with its headquarters in St. Paul in the state of Minnesota, finally decided to come to terms with its extortionists; more money that enters the coffers of a group of cybercriminals, more money that will allow Black Basta to finance his group and his illegal actions.

HardBit ransomware gang adjusts their demands so the insurance company would cover the ransom cost

↺ HardBit ransomware gang adjusts their demands so the insurance company would cover the ransom cost

> The HardBit ransomware group first appeared on the threat landscape in October 2022, but unlike other ransomware operations, it doesn’t use a double extortion model at this time.

> The gang threatens victims of further attacks if their ransom demands are not met. Once infected the network of an organization, the HardBit ransomware group instructs victims to contact them by email or via the Tox instant messaging platform.

gemini.tuxmachines.org