January 2022 – SSL and internet security news

Twelve-Year-Old Linux Vulnerability Discovered and Patched

January 31, 2022 infossl

linux, privilege escalation, rootkits, Security technology, Uncategorized, vulnerabilities

It’s a privilege escalation vulnerability: Linux users on Tuesday got a major dose of bad news — a 12-year-old vulnerability in a system tool called Polkit gives attackers unfettered root privileges on machines running most major distributions of the open source operating system. Previously called PolicyKit, Polkit manages system-wide privileges in Unix-like OSes. It provides … Read More “Twelve-Year-Old Linux Vulnerability Discovered and Patched” »

Friday Squid Blogging: Cephalopods Thirty Million Years Older Than Previously Thought

January 28, 2022 infossl

Security technology, squid, Uncategorized

New fossils from Newfoundland push the origins of cephalopods to 522 million years ago. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here. Powered by WPeMatico

Tracking Secret German Organizations with Apple AirTags

January 28, 2022 infossl

apple, geolocation, intelligence, Security technology, Uncategorized

A German activist is trying to track down a secret government intelligence agency. One of her research techniques is to mail Apple AirTags to see where they actually end up: Wittmann says that everyone she spoke to denied being part of this intelligence agency. But what she describes as a “good indicator,” would be if … Read More “Tracking Secret German Organizations with Apple AirTags” »

New DeadBolt Ransomware Targets NAT Devices

January 26, 2022 infossl

cyberattack, encryption, ransomware, Security technology, Uncategorized, zero-day

There’s a new ransomware that targets NAT devices made by QNAP: The attacks started today, January 25th, with QNAP devices suddenly finding their files encrypted and file names appended with a .deadbolt file extension. Instead of creating ransom notes in each folder on the device, the QNAP device’s login page is hijacked to display a … Read More “New DeadBolt Ransomware Targets NAT Devices” »

Merck Wins Insurance Lawsuit re NotPetya Attack

January 25, 2022 infossl

courts, cyberattack, data destruction, insurance, russia, Security technology, Uncategorized

The insurance company Ace American has to pay for the losses: On 6th December 2021, the New Jersey Superior Court granted partial summary judgment (attached) in favour of Merck and International Indemnity, declaring that the War or Hostile Acts exclusion was inapplicable to the dispute. Merck suffered US$1.4 billion in business interruption losses from the … Read More “Merck Wins Insurance Lawsuit re NotPetya Attack” »

Linux-Targeted Malware Increased by 35%

January 24, 2022 infossl

linux, malware, Security technology, Uncategorized

Crowdstrike is reporting that malware targeting Linux has increased considerably in 2021: Malware targeting Linux systems increased by 35% in 2021 compared to 2020. XorDDoS, Mirai and Mozi malware families accounted for over 22% of Linux-targeted threats observed by CrowdStrike in 2021. Ten times more Mozi malware samples were observed in 2021 compared to 2020. … Read More “Linux-Targeted Malware Increased by 35%” »

San Francisco Police Illegally Spying on Protesters

January 20, 2022 infossl

courts, eff, EPIC, police, privacy, Security technology, surveillance, Uncategorized

Last summer, the San Francisco police illegally used surveillance cameras at the George Floyd protests. The EFF is suing the police: This surveillance invaded the privacy of protesters, targeted people of color, and chills and deters participation and organizing for future protests. The SFPD also violated San Francisco’s new Surveillance Technology Ordinance. It prohibits city … Read More “San Francisco Police Illegally Spying on Protesters” »

Are Fake COVID Testing Sites Harvesting Data?

January 19, 2022 infossl

COVID-19, data collection, fraud, healthcare, Security technology, Uncategorized

Over the past few weeks, I’ve seen a bunch of writing about what seems to be fake COVID-19 testing sites. They take your name and info, and do a nose swab, but you never get test results. Speculation centered around data harvesting, but that didn’t make sense because it was far too labor intensive for … Read More “Are Fake COVID Testing Sites Harvesting Data?” »

UK Government to Launch PR Campaign Undermining End-to-End Encryption

January 18, 2022 infossl

child pornography, children, crypto wars, cybersecurity, encryption, marketing, privacy, propaganda, Security technology, Uncategorized

Rolling Stone is reporting that the UK government has hired the M&C Saatchi advertising agency to launch an anti-encryption advertising campaign. Presumably they’ll lean heavily on the “think of the children!” rhetoric we’re seeing in this current wave of the crypto wars. The technical eavesdropping mechanisms have shifted to client-side scanning, which won’t actually help … Read More “UK Government to Launch PR Campaign Undermining End-to-End Encryption” »

An Examination of the Bug Bounty Marketplace

January 17, 2022 infossl

economics of security, hacking, reports, Security technology, Uncategorized

Here’s a fascinating report: “Bounty Everything: Hackers and the Making of the Global Bug Marketplace.” From a summary: …researchers Ryan Ellis and Yuan Stevens provide a window into the working lives of hackers who participate in “bug bounty” programs — programs that hire hackers to discover and report bugs or other vulnerabilities in their systems. … Read More “An Examination of the Bug Bounty Marketplace” »