Security updates for Tuesday

Security updates have been issued by CentOS (dnsmasq, net-snmp, and xstream), Debian (mutt), Gentoo (cfitsio, f2fs-tools, freeradius, libvirt, mutt, ncurses, openjpeg, PEAR-Archive_Tar, and qtwebengine), openSUSE (chromium, mutt, stunnel, and virtualbox), Red Hat (cryptsetup, gnome-settings-daemon, and net-snmp), Scientific Linux (xstream), SUSE (postgresql, postgresql12, postgresql13 and rubygem-nokogiri), and Ubuntu (mutt). 

WordPress security & hardening, the definitive guide

WordPress is massively popular. Around every one in five sites on the Internet uses WordPress in some form. Be that to run a humble blog, or a multi-site Content Management System (CMS) or eCommerce site. As a result, it is no surprise that WordPress websites are a very popular target for both experienced hackers and script-kiddies alike.

The last thing any webmaster wants is to find out that their website has been hacked; maybe taken hostage and is part of a botnet, spreading malware, or partaking in Denial of Service (DoS) attacks. In this article we’ll be sharing a number of tips and strategies to help you harden your WordPress website.

The Mozilla Blog: Why getting voting right is hard, Part V: DREs (spoiler: they’re bad)

This is the fifth post in my series on voting systems (catch up on parts I, II, III and IV), focusing on computerized voting machines. The technical term for these is Direct Recording Electronic (DRE) voting systems, but in practice what this means is that you vote on some kind of computer, typically using a touch screen interface. As with precinct-count optical scan, the machine produces a total count, typically recorded on a memory card, printed out on a paper receipt-like tape, or both. These can be sent back to election headquarters, together with the ballots, where they are aggregated.

Jessica Rosenworcel’s appointment is good for the internet

With a new year comes change, and one change we’re glad to see in 2021 is new leadership at the Federal Communications Commission (FCC). On Thursday, Jan. 21, Jessica Rosenworcel, a longtime FCC commissioner, was appointed as acting chair. It’s an important role that will drive policy discussions affecting the internet and all of us who use it. Her appointment gives us hope that under her wing, the agency will develop strong policies that look out for everyday people. Here are a few reasons Jessica Rosenworcel’s appointment is good for the internet.

[...]

We look forward to working with the FCC to reinstate net neutrality protections and close the digital divide. Jessica Rosenworcel’s ascent to acting chair of the FCC bodes well for the future of both issues. And we can imagine a brighter future for a healthy internet if she were to be nominated for the role permanently.

Compute confidently at the Edge with Rancher and Longhorn 1.1 | SUSE Communities

Today’s announcement of Longhorn 1.1, a Cloud Native Computing Foundation (CNCF) Sandbox project, is exciting news for users of Rancher, SUSE’s Kubernetes management platform and the Kubernetes community. Longhorn is an enterprise-grade, cloud native container storage solution that went GA in June 2020. Since then, adoption has increased by 235 percent. Now Longhorn is the first cloud native storage solution designed and built for the edge, with ARM64 support, new self-healing capabilities and increased performance visibility.

Longhorn 1.1 Offers ‘ReadWriteMany’ Support Across Containers

SUSE has announced the release of Longhorn 1.1 which allows DevOps teams to manage persistent data volumes in any Kubernetes environment while bringing an enterprise-grade but vendor neutral approach to cloud-native storage.

Security updates for Monday

Security updates have been issued by Debian (crmsh, debian-security-support, flatpak, gst-plugins-bad1.0, openvswitch, python-bottle, salt, tomcat9, and vlc), Fedora (chromium, python-pillow, sddm, and xen), Gentoo (chromium, dnsmasq, flatpak, glibc, kdeconnect, openjdk, python, thunderbird, virtualbox, and wireshark), Mageia (blosc, crmsh, glibc, perl-DBI, php-oojs-oojs-ui, python-pip, python-urllib3, and undertow), openSUSE (gdk-pixbuf, hawk2, ImageMagick, opera, python-autobahn, viewvc, wavpack, and xstream), Red Hat (dnsmasq), Slackware (seamonkey), SUSE (hawk2, ImageMagick, mutt, permissions, and stunnel), and Ubuntu (pound).

Apache Software Foundation Security Report: 2020

Synopsis: This report explores the state of security across all Apache Software Foundation projects for the calendar year 2020. We review key metrics, specific vulnerabilities, and the most common ways users of ASF projects were affected by security issues.

Apache Software Foundation Saw Assigned CVEs Up 24%, Security Issues Up 53% For 2020

The Apache Software Foundation that oversees 340+ Apache projects saw a measurable rise in security related issues during the course of 2020.

This new botnet is targeting Linux servers running enterprise apps [Ed: TechRadar foolishly perpetuating ZDNet garbage]

diffoscope 165 released

The diffoscope maintainers are pleased to announce the release of diffoscope version 165. This version includes the following changes:

[ Dimitrios Apostolou ]
* Introduce the --no-acl and --no-xattr arguments [later collapsed to
  --extended-filesystem-attributes] to improve performance.
* Avoid calling the external stat command.

[ Chris Lamb ]
* Collapse --acl and --xattr into --extended-filesystem-attributes to cover
  all of these extended attributes, defaulting the new option to false (ie.
  to not check these very expensive external calls).

[ Mattia Rizzolo ]
* Override several lintian warnings regarding prebuilt binaries in the
* source.
* Add a pytest.ini file to explicitly use Junit's xunit2 format.
* Ignore the Python DeprecationWarning message regarding the `imp` module
  deprecation as it comes from a third-party library.
* debian/rules: filter the content of the d/*.substvars files

SonicWall hardware VPNs hit by worst-case 0-zero-day-exploit attacks

“…have information about hacking of a well-known firewall vendor and other security products by this they are silent and do not release press releases for their clients who are under attack due to several 0 days in particular very large companies are vulnerable technology companies,” BleepingComputer was told via email.

Cyber Firm SonicWall Says It Was Victim of ‘Sophisticated’ Hack

The Silicon Valley-based company said in a statement that the two products compromised provide users with remote access to internal resources.

The attackers exploited so-called “zero days” -- a newly discovered software flaw -- on certain SonicWall remote access products, the company said in a statement.

Former manager of Microsoft Taiwan investigated for fraud

A former manager at the Taiwanese branch of software giant Microsoft was questioned Friday (Jan. 22) about an alleged fraud scam directed against the company.

In 2016 and 2017, Chang Ming-fang (張銘芳) allegedly colluded with managers of other companies to forge orders to obtain discounts and products at lower prices, UDN reported.

School laptops sent by government arrive loaded with malware [iophk: Windows TCO]

A number of the devices were found to be infected with a "self-propagating network worm", according to the forum, and they also appeared to be contacting Russian servers, one teacher wrote. The Windows-based laptops were specifically infected with Gamarue.1, a worm Microsoft identified in 2012.

Ransomware provides the perfect cover

Look at any list of security challenges that CISOs are most concerned about and you’ll consistently find ransomware on them. It’s no wonder: ransomware attacks cripple organizations due to the costs of downtime, recovery, regulatory penalties, and lost revenue. Unfortunately, cybercriminals have added an extra sting to these attacks: they are using ransomware as a smokescreen to divert security teams from other clandestine activities behind the scenes.

Attackers are using the noise of ransomware to their advantage as it provides the perfect cover to distract attention so they can take aim at their real target: exfiltrating IP [sic], research, and other valuable data from the corporate network.

Global ransom DDoS extortionists are retargeting companies

According to Radware, companies that received this letter also received threats in August and September 2020. Security researchers’ analysis of this new wave of ransom letters suggested that the same threat actors from the middle of 2020 are behind these malicious communications.

When the DDoS extortion campaign started in August of 2020, a single Bitcoin was worth approximately $10,000. It’s now worth roughly $30,000. The attackers cited this in the latest round of ransom letters, and it represents the impact the rising price of Bitcoin is having on the threat landscape.

A few hours after receiving the message, organizations were hit by DDoS attacks that exceeded 200 Gbps and lasted over nine hours without slowdown or interruption. A maximum attack size of 237 Gbps was reached with a total duration of nearly 10 hours, the alert warned.

Boeing 737 MAX is a reminder of the REAL problem with software | Stop at Zona-M

And that problem almost never is software.

Security updates for Friday

Security updates have been issued by Debian (drupal7), Fedora (dotnet3.1), Gentoo (zabbix), openSUSE (ImageMagick and python-autobahn), and SUSE (hawk2 and wavpack).

DreamBus, FreakOut Botnets Pose New Threat to Linux... [Ed: How to blame on "Linux" things that have nothing to do with Linux and boil down to negligent or incompetent sysadmins mismanaging things that aren't even Linux]

DreamBus Botnet Targets Linux Systems

Zscaler's ThreatLabz research team is tracking a new botnet dubbed DreamBus that's installing the XMRig cryptominer on powerful enterprise-class Linux and Unix systems with the goal of using their computing power to mine monero.

Hazardous fresh malware marks unpatched Linux machines [Ed: Linux may be patched; the problem is not Linux at all and it is dishonest to blame this on Linux]

Security investigators files report on a fresh malware that marks inadequately configured computer desktops to wrap them into a botnet, that can subsequently be utilized for scandalous objectives or any violations.

As per the reports of the Check Point Research (a.k.a CPR), the malware type, called FreakOut, precisely preys Linux embedded machines that operate unpatched editions of specific application on desktop.

DreamBus Botnet Targets Linux Systems [Ed: No, it targets unpatched software that is not Linux]