>The latest APC Smart-UPS models are controlled through a cloud connection...
Why does everything need to be connected to the cloud?
The most I ever felt was needed was to connect it to a USB port so if during an outage the battery got below 20% it would shut off the server before it lost all power.
>Schneider Electric worked in collaboration with Armis to develop patches for the vulnerabilities, which were distributed to customers and are available on the Schneider Electric website.
So, cloud connected but no auto patching for this kind of thing?
>Sophos threat researcher Nick Gregory discovered a hole in Linux's netfilter firewall program that's "exploitable to achieve kernel code execution (via ROP [return-oriented programming]), giving full local privilege escalation, container escape, whatever you want." ZDNet reports:
>Behind almost all Linux firewall tools such as iptables; its newer version, nftables; firewalld; and ufw, is netfilter, which controls access to and from Linux's network stack. It's an essential Linux security program, so when a security hole is found in it, it's a big deal. [...] This problem exists because netfilter doesn't handle its hardware offload feature correctly. A local, unprivileged attacker can use this to cause a denial-of-service (DoS), execute arbitrary code, and cause general mayhem. Adding insult to injury, this works even if the hardware being attacked doesn't have offload functionality! That's because, as Gregory wrote to a security list, "Despite being in code dealing with hardware offload, this is reachable when targeting network devices that don't have offload functionality (e.g. lo) as the bug is triggered before the rule creation fails."
>
>This vulnerability is present in the Linux kernel versions 5.4 through 5.6.10. It's listed as Common Vulnerabilities and Exposures (CVE-2022-25636), and with a Common Vulnerability Scoring System (CVSS) score of 7.8, this is a real baddie. How bad? In its advisory, Red Hat said, "This flaw allows a local attacker with a user account on the system to gain access to out-of-bounds memory, leading to a system crash or a privilege escalation threat." So, yes, this is bad. Worse still, it affects recent major distribution releases such as Red Hat Enterprise Linux (RHEL) 8.x; Debian Bullseye; Ubuntu Linux, and SUSE Linux Enterprise 15.3. While the Linux kernel netfilter patch has been made, the patch isn't available yet in all distribution releases.
>Last week Nvidia confirmed that it had been the victim of an internal hack, though it claimed no customer information was compromised. Now we're seeing one of the first effects of the hack on end-users: Nvidia GPU driver packages with malware hidden inside. PCWorld:
>While it was always possible for malefactors to host links pretending to be drivers in the hopes of installing viruses, trojans, and other nasty stuff on a user's PC, this situation is more concerning. The hackers appear to have leaked Nvidia's official code signing certificates, a means by which users (and Microsoft) can verify that a downloaded program comes from the publisher it says it's from. That's allowing files containing a host of popular malware suites to be posted and downloaded, bypassing Windows Defender's built-in executable verification and slipping past anti-virus software. BleepingComputer reports that two now-expired (but still usable) verification codes have been compromised and used to deliver remote access trojans. Another example, using the Nvidia verification to sign a fake Windows driver, was also spotted.
>One Twitter user asked Musk if Starlink could face a cyberattack from Russia similar to the one that affected Viasat satellite service. Musk responded, "Almost all Viasat Ukraine user terminals were rendered permanently unusable by a Russian cyberattack on day of invasion, so... yes."
>Various media across Scandinavia and the UK are reporting the emergence of a new Covid variant that is so infectious and spreading so fast that nearly half of all cases in Denmark are now the new mutation, named BA.2, with more than 400 confirmed infections across the UK.
>
>The new mutation has reportedly also popped up in Norway, Sweden, Singapore and India.
>
>Reuters reports that UK health authorities are investigating 426 confirmed cases of BA.2 in Britain, while officials in Denmark said that just over 45 per cent of all new infections in the country are now the new variant.
>
>WHO representatives have rushed to Copenhagen to investigate BA.2, nicknamed ‘stealth Omicron’ in Danish media as the mutation seems to be pushing the Omicron variant aside fairly quickly.
>...
>The European Union is interested in building its own recursive DNS service that will be made available to EU institutions and the general public for free. From a report:
>The proposed service, named DNS4EU, is currently in a project planning phase, and the EU is looking for partners to help build a sprawling infrastructure to serve all its current 27 member states. EU officials said they started looking into an EU-based centrally-managed DNS service after observing consolidation in the DNS market around a small handful of non-EU operators. "The deployment of DNS4EU aims to address such consolidation of DNS resolution in the hands of few companies, which renders the resolution process itself vulnerable in case of significant events affecting one major provider," officials said in the DNS4EU infrastructure project revealed last week. But EU officials said that other factors also played a role in their decision to build DNS4EU, including cybersecurity and data privacy.
EU wants to build its own DNS infrastructure with built-in filtering capabilities The Record by Recorded Future https://nu.federati.net/url/284702
And then when you get on the "bad" list, good luck getting it fixed...
>If you created an online account to manage your tax records with the U.S. Internal Revenue Service (IRS), those login credentials will cease to work later this year. The agency says that by the summer of 2022, the only way to log in to irs.gov will be through ID.me, an online identity verification service that requires applicants to submit copies of bills and identity documents, as well as a live video feed of their faces via a mobile device.
>...
>Compounds in cannabis can prevent infection from the virus that causes Covid-19 by blocking its entry into cells, according to a study published this week by researchers affiliated with Oregon State University. A report on the research, "Cannabinoids Block Cellular Entry of SARS-CoV-2 and the Emerging Variants," was published online on Monday by the Journal of Natural Products. The researchers found that two cannabinoid acids commonly found in hemp varietals of cannabis, cannabigerolic acid, or CBGA, and cannabidiolic acid, also known as CBDA, can bind to the spike protein of SARS-CoV-2, the virus that causes Covid-19. By binding to the spike protein, the compounds can prevent the virus from entering cells and causing infection, potentially offering new avenues to prevent and treat the disease.
>
>"Orally bioavailable and with a long history of safe human use, these cannabinoids, isolated or in hemp extracts, have the potential to prevent as well as treat infection by SARS-CoV-2," the researchers wrote in an abstract of the study. The study was led by Richard van Breemen, a researcher with Oregon State's Global Hemp Innovation Center in the College of Pharmacy and Linus Pauling Institute, in collaboration with scientists at the Oregon Health & Science University. Van Breemen said that the cannabinoids studied are common and readily available. "These cannabinoid acids are abundant in hemp and in many hemp extracts," van Breemen said, as quoted by local media. "They are not controlled substances like THC, the psychoactive ingredient in marijuana, and have a good safety profile in humans."
>
>Van Breemen added that CBDA and CBGA blocked the action of emerging variants of the virus that causes Covid-19, saying that "our research showed the hemp compounds were equally effective against variants of SARS-CoV-2, including variant B.1.1.7, which was first detected in the United Kingdom, and variant B.1.351, first detected in South Africa." [...]
>
>Although further research is needed, van Breemen noted that the study shows the cannabinoids could be developed into drugs to prevent or treat Covid-19. CBDA and CBGA are produced by the hemp plant as precursors to CBD and CBG, which are familiar to many consumers. However, they are different from the acids and are not contained in hemp products." Van Breemen also noted that the research showed the cannabinoids were effective against new variants of the virus, which he said are "one of the primary concerns" in the pandemic for health officials and clinicians.
>Betty White, the self-described "lucky old broad" whose sweetly sarcastic senior citizen characters were a beloved fixture on TV shows and movies such as "The Golden Girls," "Boston Legal" and "Hot in Cleveland," died Friday, her agent and close friend Jeff Witjas told People magazine in a statement.
>At 99, she was just weeks away from celebrating her 100th birthday on Jan. 17.
>A security researcher says an internet gateway used by hundreds of hotels to offer and manage their guest Wi-Fi networks has vulnerabilities that could put the personal information of their guests at risk.
>...
>A major payroll provider used by thousands of businesses in the United States, including government agencies, is reporting that it expects to be down for “weeks” due to a devastating ransomware attack.
>
>Kronos, known to be used by several thousand companies ranging from Tesla to National Public Radio (NPR), had its Private Cloud service go offline on Monday. This element is central to its UKG Workforce Central, UKG TeleStaff, and Banking Scheduling Solutions services used to track employee hours and process paychecks. The company confirmed that it had discovered an ongoing ransomware attack on December 11 and had taken the services hosted in Kronos Private Cloud offline as part of its mitigation measures. Kronos did not give a timetable for recovery but said that it expects it to be at least several days, if not weeks, before the services are fully online again.
>
>Though it has not been confirmed, there is speculation that the notorious Log4Shell vulnerability was involved given that the Kronos cloud services are known to be built on Java to a great degree.
>...
>The quartet enjoyed hits like Daydream Believer and I'm A Believer, and starred in their own popular TV sitcom.
>
>Nesmith wrote tunes like Mary, Mary; Circle Sky; Listen to the Band; and The Girl I Knew Somewhere.
>
>In a statement to US media, his family said he "passed away this morning in his home, surrounded by family, peacefully and of natural causes".
>...
>There have been a number of overview threads on the emerging variant designated as @PangoNetwork lineage B.1.1.529, @nextstrain clade 21K and @WHO Variant of Concern Omicron. I'm not going to attempt to be comprehensive here, but will highlight a few aspects of the data. 1/16
~~
>Growth rate (in absolute terms and relative to Delta) will become clearer in the following days, but at the moment, I believe we're looking at a variant that potentially has significant immune evasion and that appears to be spreading rapidly. 15/16
>The Hive ransomware gang now also encrypts Linux and FreeBSD using new malware variants specifically developed to target these platforms.
>
>However, as Slovak internet security firm ESET discovered, Hive's new encryptors are still in development and still lack functionality.
>
>The Linux variant also proved to be quite buggy during ESET's analysis, with the encryption completely failing when the malware was executed with an explicit path.
>
>It also comes with support for a single command line parameter (-no-wipe). In contrast, Hive's Windows ransomware comes with up to 5 execution options, including killing processes and skipping disk cleaning, uninteresting files, and older files.
>
>The ransomware's Linux version also fails to trigger the encryption if executed without root privileges because it attempts to drop the ransom note on compromised devices' root file systems.
>
>"Just like the Windows version, these variants are written in Golang, but the strings, package names and function names have been obfuscated, likely with gobfuscate," ESET Research Labs said.
>...
>The npm package ua-parser-js had three versions published with malicious code. Users of affected versions (0.7.29, 0.8.0, 1.0.0) should upgrade as soon as possible and check their systems for suspicious activity. See this issue for details as they unfold.
>
>Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.
>Halemaʻumaʻu Lava Lake Observations: Lava continues to erupt from two vents within Halemaʻumaʻu crater. Over the past 24 hours, the lava lake level rose approximately 1 meter (3 ft) with a total rise of about 32 meters (105 ft) since lava emerged on September 29.
>Catherine Garland, an astrophysicist, started seeing the problem in 2017. She was teaching an engineering course, and her students were using simulation software to model turbines for jet engines. She’d laid out the assignment clearly, but student after student was calling her over for help. They were all getting the same error message: The program couldn’t find their files.
>
>Garland thought it would be an easy fix. She asked each student where they’d saved their project. Could they be on the desktop? Perhaps in the shared drive? But over and over, she was met with confusion. “What are you talking about?” multiple students inquired. Not only did they not know where their files were saved — they didn’t understand the question.
>
>Gradually, Garland came to the same realization that many of her fellow educators have reached in the past four years: the concept of file folders and directories, essential to previous generations’ understanding of computers, is gibberish to many modern students.
>...
>Today we are disclosing a critical security issue affecting multiple Matrix clients and libraries including Element (Web/Desktop/Android), FluffyChat, Nheko, Cinny, and SchildiChat. Element on iOS is not affected.
>
>Specifically, in certain circumstances it may be possible to trick vulnerable clients into disclosing encryption keys for messages previously sent by that client to user accounts later compromised by an attacker.
>
>Exploiting this vulnerability to read encrypted messages requires gaining control over the recipient’s account. This requires either compromising their credentials directly or compromising their homeserver.
>
>Thus, the greatest risk is to users who are in encrypted rooms containing malicious servers. Admins of malicious servers could attempt to impersonate their users' devices in order to spy on messages sent by vulnerable clients in that room.
>
>This is not a vulnerability in the Matrix or Olm/Megolm protocols, nor the libolm implementation. It is an implementation bug in certain Matrix clients and SDKs which support end-to-end encryption (“E2EE”).
>
>We have no evidence of the vulnerability being exploited in the wild.
>
>This issue was discovered during an internal audit by Denis Kasak, a security researcher at Element.
>...
>A threat actor has leaked a list of almost 500,000 Fortinet VPN login names and passwords that were allegedly scraped from exploitable devices last summer.
>
>While the threat actor states that the exploited Fortinet vulnerability has since been patched, they claim that many VPN credentials are still valid.
>
>This leak is a serious incident as the VPN credentials could allow threat actors to access a network to perform data exfiltration, install malware, and perform ransomware attacks.
>...