Tux Machines

Security Leftovers

Posted by Roy Schestowitz on May 19, 2023

today's howtos

Graphics/Multimedia: PipeWire, libei, and lavapipe (UPDATED)

Cybersecurity experts flag potential risks affecting new top-level domains

↺ Cybersecurity experts flag potential risks affecting new top-level domains

> Some cybersecurity experts have expressed concerns about two new top-level domains that became generally available earlier this month. The two top-level domains were released by Google LLC on May 3 along with six others.

Phishing attacks already using the .zip TLD

↺ Phishing attacks already using the .zip TLD

> On May 3rd, Google Registry launched eight new top-level domains (TLDs) “for dads, grads and techies”, including a .zip TLD. While these new TLDs come with benefits such as automatic inclusion on the HSTS preload list, the launch of new TLDs has always presented cyber criminals with the opportunity to register domains in bad faith.

↺ Google Registry launched eight new top-level domains (TLDs)

↺ register domains in bad faith

↺ Google Registry launched eight new top-level domains (TLDs)

↺ register domains in bad faith

Kubernetes and Sigstore founders launch new software supply chain company Stacklok [Ed: This leads towards preventing people running programs of their choice -- or worse, it might force people to use back-doored versions endorsed by a government]

↺ Kubernetes and Sigstore founders launch new software supply chain company Stacklok

> Kubernetes co-founder Craig McLuckie and Sigstore founder Luke Hinds today announced the launch of a new software supply chain company called Stacklok, after the company raised $17.5 million in venture capital funding ahead of its reveal.

Authorities warn BianLian ransomware gang has switched to exfiltration-based extortion [Ed: It's worth noting that over 90% of ransomware targets Windows, despite Windows having a small portion of the overall market]

↺ Authorities warn BianLian ransomware gang has switched to exfiltration-based extortion

> The U.S. Federal Bureau of Investigation, the Cybersecurity and Infrastructure Security Agency and the Australian Cyber Security Centre have issued a joint warning about a change in tactics from a well-known ransomware group from traditional ransomware encryption to exfiltration-based extortion. The group, called BianLian, is believed to have first emerged in 2021.

Critical Infrastructure Organizations Warned of BianLian Ransomware Attacks

↺ Critical Infrastructure Organizations Warned of BianLian Ransomware Attacks

> CISA, FBI, and ACSC warn critical infrastructure organizations of the BianLian ransomware group’s attacks.

Lacroix Closes Production Sites Following Ransomware Attack

↺ Lacroix Closes Production Sites Following Ransomware Attack

> Technological equipment supplier Lacroix has closed three production sites after experiencing a ransomware attack.

AWS Open Sources Security Tools [Ed: AWS passes code to proprietary GitHub, to be controlled by Microsoft and the NSA (back doors boosters)]

↺ AWS Open Sources Security Tools

> AWS is open sourcing its Cedar policy language and authorization engine and Snapchange, an open source snapshot-based fuzzing tool.

Blog: Having fun with seccomp profiles on the edge [Ed: As it is outsourced to Microsoft and the NSA, scepticism is warranted about security merits]

↺ Blog: Having fun with seccomp profiles on the edge

> The Security Profiles Operator (SPO) is a feature-rich operator for Kubernetes to make managing seccomp, SELinux and AppArmor profiles easier than ever. Recording those profiles from scratch is one of the key features of this operator, which usually involves the integration into large CI/CD systems. Being able to test the recording capabilities of the operator in edge cases is one of the recent development efforts of the SPO and makes it excitingly easy to play around with seccomp profiles.

↺ Security Profiles Operator (SPO)

↺ operator

> The v0.8.0 release of the Security Profiles Operator shipped a new command line interface called spoc, a little helper tool for recording and replaying seccomp profiles among various other things that are out of scope of this blog post.

↺ v0.8.0

↺ Security Profiles Operator (SPO)

↺ operator

↺ v0.8.0

Chrome 113 Security Update Patches Critical Vulnerability

↺ Chrome 113 Security Update Patches Critical Vulnerability

> Google has released a Chrome 113 update to patch 12 vulnerabilities, including a critical use-after-free flaw.

Congress looks to expand CISA’s role, adding responsibilities for satellites and open source software [Ed: CISA is infiltrated by Microsoft]

↺ Congress looks to expand CISA’s role, adding responsibilities for satellites and open source software

↺ CISA is infiltrated by Microsoft

> Lawmakers advanced four on Wednesday that would broaden the Cybersecurity and Infrastructure Security Agency's portfolio.

Investors' case against SolarWinds resolved in favour of company

↺ Investors' case against SolarWinds resolved in favour of company

> The Supreme Court of Delaware state ruled on Wednesday that an earlier judgment made by the Delaware Court of Chancery in its memorandum opinion of 6 September 2022 and affirmed in a final order on 13 October 2022 should stand.

Access to Energy Sector ICS/OT Systems Offered on Hacker Forums

↺ Access to Energy Sector ICS/OT Systems Offered on Hacker Forums

> Threat actors have been selling access to energy sector organizations, including ICS and other OT systems, according to a new report from Searchlight Cyber.

Apple Blocked 1.7 Million Applications From App Store in 2022 [Ed: Apple always authorises its own malicious software]

↺ Apple Blocked 1.7 Million Applications From App Store in 2022

> Apple says it rejected 1.7 million applications from being published in the App Store in 2022.

gemini.tuxmachines.org