Tux Machines

Proprietary and Security Leftovers

Posted by Roy Schestowitz on Apr 19, 2023

=> Programming Leftovers | Raspberry Pi, Laser Cutters, and Arduino

[Repeat] Five months after Crown Point Schools suffered a cyberattack, they still don’t know what happened or what they will do [iophk: Windows TCO]

=> ↺ Five months after Crown Point Schools suffered a cyberattack, they still don’t know what happened or what they will do

In November, Crown Point Community School students returned to classes after a “network outage” incident that the district feared might be a cybersecurity breach.

Crown Point Schools hack investigation still ongoing [iophk: Windows TCO]

=> ↺ Crown Point Schools hack investigation still ongoing

The investigation was aimed at discovering how the outage happened and if any sensitive information was leaked. Parents of CPCSC students have been advised to monitor their financial statements and credit reports for suspicious or unauthorized activity, and place a fraud alert and security freeze on their credit files.

Ransomware [crackers] threatening to leak confidential Dutch football data [iophk: Windows TCO]

=> ↺ Ransomware [crackers] threatening to leak confidential Dutch football data

Lockbit is one of the most active and notorious ransomware groups. According to RTL, they have clear ties to Russia and have attacked hundreds of victims in recent years. It is unclear how much ransom the group demanded from the KNVB, but according to the broadcaster, they are known to demand massive ransoms - millions rather than thousands.

Tech workers face unexpected layoff rebounds [Ed: Former VP of HR at Microsoft has become PR and he's now story-telling in Microsoft-friendly media to prepare people (mentally) for the next wave of layoffs. "Why Massive Layoffs Are Happening And Till When"]

=> ↺ Tech workers face unexpected layoff rebounds

A former Microsoft employee who experienced a layoff in March expressed frustration, stating that they just received the "shock of their life" and didn't need recruiters persistently pushing them to return to the company. Another worker, laid off from Amazon in January, also requested anonymity due to concerns about future job prospects.

They mentioned receiving multiple offers from recruiters specifically seeking people with Amazon experience. In response, this ex-Amazonian sarcastically told the recruiter to inform Amazon that if they wanted an engineer, they shouldn't have fired them.

Giving a Face to the Malware Proxy Service ‘Faceless’

=> ↺ Giving a Face to the Malware Proxy Service ‘Faceless’

For the past seven years, a malware-based proxy service known as “Faceless” has sold anonymity to countless cybercriminals. For less than a dollar per day, Faceless customers can route their malicious traffic through tens of thousands of compromised systems advertised on the service. In this post we’ll examine clues left behind over the past decade by the proprietor of Faceless, including some that may help put a face to the name.

Kubernetes 1.27: Efficient SELinux volume relabeling (Beta)

=> ↺ Kubernetes 1.27: Efficient SELinux volume relabeling (Beta)

On Linux with Security-Enhanced Linux (SELinux) enabled, it's traditionally the container runtime that applies SELinux labels to a Pod and all its volumes. Kubernetes only passes the SELinux label from a Pod's securityContext fields to the container runtime.

The container runtime then recursively changes SELinux label on all files that are visible to the Pod's containers. This can be time-consuming if there are many files on the volume, especially when the volume is on a remote filesystem.

If a Pod does not have any SELinux label assigned in Kubernetes API, the container runtime assigns a unique random one, so a process that potentially escapes the container boundary cannot access data of any other container on the host. The container runtime still recursively relabels all pod volumes with this random SELinux label.

IT and Online Services emails used as a ‘phishing strategy’: report

=> ↺ IT and Online Services emails used as a ‘phishing strategy’: report

“Emails that are disguised as coming from an internal source such as the IT department are especially dangerous because they appear to come from a more trusted, familiar place where an employee would not necessarily question it or be as skeptical. Building up an organisation’s human firewall by fostering a strong security culture is essential to outsmart bad actors.”

The Car Thieves Using Tech Disguised Inside Old Nokia Phones and Bluetooth Speakers

=> ↺ The Car Thieves Using Tech Disguised Inside Old Nokia Phones and Bluetooth Speakers

The video showing the man using a Nokia 3310 to start a Toyota is just one of many YouTube videos Motherboard found demonstrating the technique. Others show devices used on Maserati, Land Cruiser, and Lexus-branded vehicles. Multiple websites and Telegram channels advertise the tech for between 2,500 Euro and 18,000 Euro ($2,700 and $19,600). One seller is offering the Nokia 3310 device for 3,500 Euro ($3,800); another advertises it for 4000 Euro ($4,300). Often sellers euphemistically refer to the tech as “emergency start” devices nominally intended for locksmiths. Some of the sites offer tools that may be of use to locksmiths, but legitimate businesses likely have no use for a tool that is hidden inside a phone or other casing.

=> gemini.tuxmachines.org