This posting is here to collect cyber security news in December 2022.
I post links to security vulnerability news in the comments of this article.
You are also free to post related links in the comments.
355 Comments
Tomi Engdahl says:
https://www.securityweek.com/data-breach-louisiana-healthcare-provider-impacts-270000-patients
Tomi Engdahl says:
Guardian hit by serious IT incident believed to be ransomware attack
https://www.theguardian.com/media/2022/dec/21/guardian-hit-by-serious-it-incident-believed-to-be-ransomware-attack
Incident has hit parts of media company’s technology infrastructure, with staff told to work from home
Tomi Engdahl says:
https://hackaday.com/2022/12/30/this-week-in-security-adblock-for-security-proxynotshell-lives-and-cvss-10-to-not-worry-about/
LastPass isn’t the only password manager in the news, and the problems found in Passwordstate make the recent LastPass issues seem like the most minor of inconveniences. Passwordstate is an enterprise solution for password management. Researchers at modzero started with the browser extension, which allows a user to access saved passwords. To authenticate, a token is generated and sent to the server. Turns out, that token is just the username and other user information, XOR’d with a static, universal key. And on the server side, the only check that happens is on the username. So on any Passwordstate install anywhere, if you can talk to the API, and know a valid username, you can pull every password accessible to that account.
Better Make Sure Your Password Manager Is Secure
Or Someone Else Will
https://www.modzero.com/modlog/archives/2022/12/19/better_make_sure_your_password_manager_is_secure/index.html
Tomi Engdahl says:
New Linux malware uses 30 plugin exploits to backdoor WordPress sites
https://www.bleepingcomputer.com/news/security/new-linux-malware-uses-30-plugin-exploits-to-backdoor-wordpress-sites/
Tomi Engdahl says:
https://www.analyticsinsight.net/mysterious-python-package-becomes-a-hazard-for-all-programmers/