Tux Machines
Posted by Roy Schestowitz on Feb 28, 2023
=> European Free Software Events: FOSDEM and foss-north (UPDATED) | Red Hat and Fedora Leftovers
=> ↺ OneNote Embedded file abuse
In recent weeks OneNote has gotten a lot of media attention as threat actors are abusing the embedded files feature in OneNote in their phishing campaigns. In this post we will analyze this new way of malware delivery and create a detection rule for it.
=> ↺ Dish Network services remain offline today following suspected cyberattack
Satellite television provider Dish Network Corp. continues to suffer a wide range of outages today after it was hit by a suspected cyberattack. The outage was first detected on Thursday morning,
=> ↺ Hackers Extort Less Money, Are Laid Off as New Tactics Thwart More Ransomware Attacks
Extortion payments from ransomware, a hacking scourge that has crippled hospitals, schools and public infrastructure, fell significantly last year, according to federal officials, cybersecurity analysts and blockchain firms.
After ballooning for years, the amount of money being paid to ransomware criminals dropped in 2022, as did the odds that a victim would pay the criminals who installed the ransomware. With ransomware, hackers lock up a victim’s computer network, encrypting hard drives until victims pay.
=> ↺ LastPass Says DevOps Engineer Home Computer Hacked
LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud storage resources.
=> ↺ Cyberattack on Boston Union Results in $6.4M Loss
A cyberattack on the Boston-based Pipefitters Local 537 union’s health fund resulted in the loss of $6.4 million.
=> ↺ ‘PureCrypter’ Downloader Used to Deliver Malware to Governments
Threat actor uses the PureCrypter downloader to deliver malware to government entities in Asia-Pacific and North America.
=> ↺ QNAP Offering $20,000 Rewards via New Bug Bounty Program
New QNAP Systems bug bounty program covers vulnerabilities in applications, cloud services, and operating systems.
=> ↺ Media Giant News Corp Discloses New Details of Data Breach
News Corp says a threat group, previously linked to the Chinese government, had access to its systems for two years before the breach was discovered.
=> ↺ Daniel Lange: Thunderbird gpg key import
5MB (or 4.8MiB) import limit. Sure. My modest pubring (111 keys) is 18MB. The Debian keyring is 28MB.
May be, just may be, add another 0 to that if statement?
So, until that happens, workarounds ...
Export each pubkey into a separate file. The import dialog allows to select them all in one go. But - of course - it will ask confirmation for each. So prepare some valerian tea.
=> ↺ Daniel Lange: Getting gpg to import signatures again
Now the changed defaults in gpg to "mitigate" this issue are trickling down to even the conservative distributions. Debian Bullseye has self-sigs-only on gpg 2.2.27 and it looks like Debian Bookworm will get gpg 2.2.40. This would add import-clean but Daniel Kahn Gillmor patched it out. He argues correctly that this new default could delete data from good locally store pubkeys.
=> ↺ changed defaults in gpg | ↺ patched it out
This all ends in you getting some random combination of self-sigs-only and / or import-clean depending on which Linux distribution and version you happen to use.
=> ↺ changed defaults in gpg | ↺ patched it out
=> gemini.tuxmachines.org This content has been proxied by September (ba2dc).Proxy Information
text/gemini;lang=en-GB