Tux Machines
Posted by Roy Schestowitz on Apr 30, 2023
> Git 2.40.1 has been released to address three new security vulnerabilities being disclosed, which have been classified as “high-severity” by the National Vulnerability Database (NVD) due to their high confidentiality, integrity and availability impact, and the low attack complexity and lack of privileges required to exploit them. Due to these security fixes, updates for prior stable Git series are also available with v2.39.3, v2.38.5, v2.37.7, v2.36.6, v2.35.8, v2.34.8, v2.33.8, v2.32.7, v2.31.8, and v2.30.9.
> I posted yesterday about fscrypt v2:
> https://bkhome.org/news/202304/preliminary-support-for-fscrypt-v2.html
> There is a security concern, as the password the user types in at bootup is used to create the encrypted folders. Quoting from here:
> https://www.kernel.org/doc/html/latest/filesystems/fscrypt.html
> Master keys must be real cryptographic keys, i.e. indistinguishable from random bytestrings of the same length. This implies that users must not directly use a password as a master key, zero-pad a shorter key, or repeat a shorter key. Security cannot be guaranteed if userspace makes any such error, as the cryptographic proofs and analysis would no longer apply.
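The kernel requirement quoted above (a master key must be indistinguishable from random bytes, so a typed password must go through a key derivation function rather than being padded or reused directly) in an added example that is not part of the linked post or the kernel documentation. It assumes a 64-byte raw key, the maximum fscrypt v2 key size, and uses scrypt from Python's standard library as a stand-in for whatever memory-hard KDF a real setup tool would use; the cost parameters are illustrative only.

```python
import hashlib
import secrets

# fscrypt v2 raw master keys are at most 64 bytes; AES-256-XTS content
# encryption consumes the full 64 bytes (assumption for this example).
FSCRYPT_KEY_LEN = 64


def padded_password_key(password: str) -> bytes:
    """The mistake the fscrypt docs warn against: the password itself,
    zero-padded to key length. Entropy is only that of the password and
    the trailing bytes are predictable, so the security proofs no longer apply."""
    return password.encode("utf-8").ljust(FSCRYPT_KEY_LEN, b"\x00")[:FSCRYPT_KEY_LEN]


def derive_master_key(password: str, salt: bytes) -> bytes:
    """Derive a 64-byte master key from a password with scrypt.

    The random salt is stored with the encrypted directory's metadata (the
    password never is), so the same password gives an unrelated key on every
    installation. n/r/p here are small for demonstration; tune for production."""
    if len(salt) < 16:
        raise ValueError("salt must be at least 16 bytes")
    return hashlib.scrypt(
        password.encode("utf-8"),
        salt=salt,
        n=2**14,  # CPU/memory cost: 128 * r * n = 16 MiB
        r=8,
        p=1,
        maxmem=64 * 1024 * 1024,
        dklen=FSCRYPT_KEY_LEN,
    )


def new_salt() -> bytes:
    """Fresh 16-byte salt from the OS CSPRNG, one per protector."""
    return secrets.token_bytes(16)


def looks_padded(key: bytes) -> bool:
    """Cheap sanity check for the padded-password mistake: a genuine random
    64-byte key essentially never ends in eight zero bytes."""
    return key.endswith(b"\x00" * 8)


if __name__ == "__main__":
    salt = new_salt()
    key = derive_master_key("correct horse battery staple", salt)
    print("padded key flagged:", looks_padded(padded_password_key("hunter2")))
    print("derived key flagged:", looks_padded(key), "len:", len(key))
```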
> BianLian often uses the asterisk system before they actually name the victim and leak data.
> On April 18, 2023, the European Commission published its proposal for an EU Cyber Solidarity Act (“CSA”). It aims to strengthen incident detection, situational awareness, and response capabilities, and to ensure that entities providing services critical for day-to-day life can access expert support to manage their cyber risk and respond to incidents. Specifically, the CSA aims to promote information sharing about cyber incidents and vulnerabilities, to help improve the cyber resilience of critical entities, and to create an EU-wide resource for incident management.
> The CSA adds another layer to the increasingly crowded landscape of EU cybersecurity laws. The proposed law would interact with the revised Network and Information Security Directive (“NIS2”) and certifications issued under the Cybersecurity Act. Private companies in specific sectors will also have to consider potential overlap with the forthcoming Cyber Resilience Act and the financial services-focused Digital Operation Resilience Act.
> In the wake of a cyberattack at the Waterloo Region District School Board (WRDSB) this past summer, some of the people impacted are raising questions about how it was handled.
> The data accessed by hackers included details about employees dating back to 1970.
> But some of those former employees say getting information about what happened, along with their risks, was difficult.
> Emmanuel College in Boston appears to have become a victim of Avos Locker. The college was added to the threat actor’s leak site yesterday, with a note saying,
> United HealthCare made customers aware of a data breach on Friday, which temporarily allowed access to personal information for those enrolled in the company's healthcare plans.
> According to a statement, "suspicious activity" was noticed on the UHC mobile application "that may have led to the disclosure of member information."
> The company says that the breach happened between February 19 and February 25, and it was determined on April 10 that some member information was impacted.
> They believe that information including members' first and last names, health insurance member identification numbers, dates of birth, addresses, dates of service, provider names, claim information and group name and number may have been available.
> The Diocese of Las Vegas on Friday announced a cybersecurity breach that potentially compromised "sensitive information of its volunteers, parishioners, donors and other stakeholders," a news release states.
> A spokesperson noted there was "no indication that personal information has been misused," but said the Diocese would notify those who may have been impacted.
> On late Friday, Amnesty International Australia sent an email to supporters informing them their data may be at risk due to “anomalous activity” detected in its IT environment.
> While the email went out very late in the day/week, it also went out a very long time after the activity was found. The email, sighted by Gizmodo Australia, says the activity was detected late last year.