Tux Machines

Security Leftovers

Posted by Roy Schestowitz on Jan 10, 2023,

updated Jan 10, 2023

=> Videos: HTOP, Manjaro 21.3.7 KDE Plasma Edition, Support | Android Leftovers

FCC Proposes New Data Breach Rules for Telecoms

=> ↺ FCC Proposes New Data Breach Rules for Telecoms

The U.S. Federal Communications Commission (FCC) has proposed updated rules for how telecoms notify customers of data breaches.

Specifically, the organization proposes “eliminating the current seven business day mandatory waiting period for notifying customers of a breach,” according to the press release.

Current FCC rules, which were adopted in 2007, “require that carriers that have more than 5,000 customers notify the FCC of a data breach within seven days of discovery, while breaches affecting fewer than 5,000 customers must be reported no later than 30 days,” notes CyberScoop.

ChatGPT-Written Malware - Schneier on Security

=> ↺ ChatGPT-Written Malware - Schneier on Security

ChatGPT-generated code isn’t that good, but it’s a start. And the technology will only get better. Where it matters here is that it gives less skilled hackers—script kiddies—new capabilities.

ChatGPT is enabling script kiddies to write functional malware | Ars Technica

=> ↺ ChatGPT is enabling script kiddies to write functional malware | Ars Technica

Researchers at security firm Check Point Research reported Friday that within a few weeks of ChatGPT going live, participants in cybercrime forums—some with little or no coding experience—were using it to write software and emails that could be used for espionage, ransomware, malicious spam, and other malicious tasks.

Rubenerd: Using scp(1) to transfer multiple files

=> ↺ Rubenerd: Using scp(1) to transfer multiple files

This came up during a customer call last year, where the engineer was running it a few times. On the backend it’s sftp(1) now anyway, as it probably should be.

Security updates for Tuesday [LWN.net]

=> ↺ Security updates for Tuesday [LWN.net]

Security updates have been issued by Debian (libtasn1-6), Fedora (nautilus), Oracle (kernel, kernel-container, nodejs:14, tigervnc, and xorg-x11-server), Red Hat (grub2, nodejs:14, tigervnc, and xorg-x11-server), Scientific Linux (tigervnc and xorg-x11-server), SUSE (systemd), and Ubuntu (firefox, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15, linux-azure-fde, linux-azure, w3m, and webkit2gtk).

UDPATE

3 more:

It’s 2023 And The FCC Only Just Proposed Rules Requiring Telecoms Immediately Inform Consumers When Their Data Is Compromised

=> ↺ It’s 2023 And The FCC Only Just Proposed Rules Requiring Telecoms Immediately Inform Consumers When Their Data Is Compromised

Back in 2015, the nation’s top telecom regulator attempted to create some very basic (by international standards) privacy guidelines for telecom providers, demanding they do things like (gasp) be transparent about the consumer data they were collecting and selling, while also requiring that consumers (gasp) opt in to the sale of any particularly sensitive data.

Identity Thieves Bypassed Experian Security to View Credit Reports

=> ↺ Identity Thieves Bypassed Experian Security to View Credit Reports

Identity thieves have been exploiting a glaring security weakness in the website of Experian, one of the big three consumer credit reporting bureaus. Normally, Experian requires that those seeking a copy of their credit report successfully answer several multiple choice questions about their financial history. But until the end of 2022, Experian’s website allowed anyone to bypass these questions and go straight to the consumer’s report. All that was needed was the person’s name, address, birthday and Social Security number.

EFF and Partners Call Out Threats to Free Expression in Draft Text as UN Cybersecurity Treaty Negotiations Resume

=> ↺ EFF and Partners Call Out Threats to Free Expression in Draft Text as UN Cybersecurity Treaty Negotiations Resume

=> gemini.tuxmachines.org