Samba Issues Security Updates to Patch Multiple High-Severity Vulnerabilities

Samba has released software updates to remediate multiple vulnerabilities that, if successfully exploited, could allow an attacker to take control of affected systems.

The high-severity flaws, tracked as CVE-2022-38023, CVE-2022-37966, CVE-2022-37967, and CVE-2022-45141, have been patched in versions 4.17.4, 4.16.8 and 4.15.13 released on December 15, 2022.

Samba is an open source Windows interoperability suite for Linux, Unix, and macOS operating systems that offers file server, printing, and Active Directory services.
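The fixed releases above are per maintained branch, so a plain "is my version newer than X" comparison gives wrong answers across branches (4.16.8 is fixed; 4.17.3 is not). The following branch-aware check is an added example written for this summary, not Samba project code. It takes the three fixed versions stated above as given; the status names, the regex, and the `smbd --version` invocation are its own assumptions. One caveat a practitioner needs: distributions often backport fixes without changing the upstream version number (a `-Debian` or `-Ubuntu` suffix is the hint), so a "vulnerable" or "unsupported-branch" result means "check the vendor changelog", not "confirmed exploitable".

```python
"""Branch-aware check of a Samba version string against the fixed releases.

Added example for this summary, not Samba project code. The fixed versions
are the ones named above (released December 15, 2022); everything else here
(status labels, parsing) is an assumption made for the example.
"""
import re
import subprocess
from typing import Optional, Tuple

Version = Tuple[int, int, int]

# Fixed release per maintained branch, as stated in the summary above.
FIXED_VERSIONS = {
    (4, 17): (4, 17, 4),
    (4, 16): (4, 16, 8),
    (4, 15): (4, 15, 13),
}

# Matches the numeric part of strings such as "Version 4.16.8-Ubuntu".
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_samba_version(text: str) -> Optional[Version]:
    """Return (major, minor, patch) from `smbd --version` output, or None."""
    m = _VERSION_RE.search(text)
    if m is None:
        return None
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def patch_status(version_text: str) -> str:
    """Classify a version string against the upstream fixed releases.

    Caveat: distributions backport fixes without bumping the upstream version,
    so "vulnerable" and "unsupported-branch" mean "check the vendor changelog".
    """
    v = parse_samba_version(version_text)
    if v is None:
        return "unparseable"
    fixed = FIXED_VERSIONS.get(v[:2])
    if fixed is None:
        # Older than the oldest fixed branch: upstream shipped no fix there.
        if v < min(FIXED_VERSIONS.values()):
            return "unsupported-branch"
        # A branch newer than the advisory covers: consult that branch's notes.
        return "unknown-branch"
    return "patched" if v >= fixed else "vulnerable"


def installed_samba_status(binary: str = "smbd") -> str:
    """Run `smbd --version` on this host and classify the result."""
    try:
        proc = subprocess.run(
            [binary, "--version"], capture_output=True, text=True, check=False
        )
    except FileNotFoundError:
        return "not-installed"
    return patch_status(proc.stdout)


if __name__ == "__main__":
    print(installed_samba_status())
```

Run it on a file server as-is to classify the installed `smbd`, or feed `patch_status()` the version strings collected by your inventory tooling to find hosts still on a pre-fix release.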

A brief description of each of the weaknesses is below –

images from Hacker News

Trojanized Windows 10 Installer Used in Cyberattacks Against Ukrainian Government Entities

Government entities in Ukraine have been breached as part of a new campaign that leveraged trojanized versions of Windows 10 installer files to conduct post-exploitation activities.

Mandiant, which discovered the “socially engineered supply chain” attack around mid-July 2022, said the malicious ISO files were distributed via Ukrainian- and Russian-language Torrent websites. It’s tracking the threat cluster as UNC4166.

“Upon installation of the compromised software, the malware gathers information on the compromised system and exfiltrates it,” the cybersecurity company said in a technical deep dive published Thursday.

Although the adversarial collective’s provenance is unknown, the intrusions are said to have targeted organizations that were previously victims of disruptive wiper attacks attributed to APT28, a Russian state-sponsored actor.

The ISO file, per the Google-owned threat intelligence firm, was designed to disable the transmission of telemetry data from the infected computer to Microsoft, install PowerShell backdoors, and block automatic updates and license verification.


Ex-Twitter employee Gets 3.5 Years Jail for Spying on Behalf of Saudi Arabia

A former Twitter employee who was found guilty of spying on behalf of Saudi Arabia by sharing data pertaining to specific individuals has been sentenced to three-and-a-half years in prison.

Ahmad Abouammo, 45, was convicted earlier this August on various criminal counts, including money laundering, fraud, falsifying records, and being an illegal agent of a foreign government.

Abouammo was arrested on November 5, 2019, after being accused of abusing his access to Twitter’s internal systems to gather information about Saudi Arabia’s critics on the social media platform. He was employed at Twitter from 2013 to 2015.

“Mr. Abouammo violated the trust placed on him to protect the privacy of individuals by giving their personal information to a foreign power for profit,” said Assistant Attorney General Matthew G. Olsen of the Justice Department’s National Security Division.

“His conduct was made all the more egregious by the fact that the information was intended to target political dissidents speaking out against that foreign power.”


Cyber Security Is Not a Losing Game – If You Start Right Now

Reality has a way of asserting itself, irrespective of any personal or commercial choices we make, good or bad. For example, just recently, the city services of Antwerp in Belgium were the victim of a highly disruptive cyberattack.

As usual, everyone cried “foul play” and suggested that proper cybersecurity measures should have been in place. And again, as usual, it all happens a bit too late. There was nothing special or unique about the attack, and it wasn’t the last of its kind either.

So why are we, in IT, still happily whistling into the wind and moving along as if nothing happened? Is everyone’s disaster recovery plan really that good? Are all the security measures in place – and tested?

Let’s Do a Quick Recap (of What You Should Be Doing)

First, cover the basics. Perform proper user training that includes all of the usual: password hygiene, restrictions on account sharing, and clear instructions not to open untrusted emails or to access unscrupulous websites. It’s an inconvenient fact that human actions continue to be the weakest link in cyber defence, but it’s a fact.

On the infrastructure side, start with a proper asset inventory, because you can’t protect what you don’t know exists. Next, segment the network so that traffic is confined to the smallest practical zones.


GitHub Announces Free Secret Scanning for All Public Repositories

GitHub on Thursday said it is making available its secret scanning service to all public repositories on the code hosting platform for free.

“Secret scanning alerts notify you directly about leaked secrets in your code,” the company said, adding it’s expected to complete the rollout by the end of January 2023.

Secret scanning examines repositories for accidentally committed access tokens, private keys, credentials, API keys, and other secrets in over 200 formats, and raises alerts so that the owner can rotate them before they are misused.

The security option was previously limited to repositories owned by organizations that use GitHub Enterprise Cloud and have a GitHub Advanced Security license.
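GitHub's scanner runs after a push, by which point the secret is already public and must be rotated. The natural complement is a local check that runs before the commit leaves the workstation. The script below is an added example written for this summary, not GitHub's scanner or any part of its 200-plus detector set; the four patterns, the ignore marker and the sample input are illustrative assumptions chosen for the example, and the sample values are constructed, not real credentials.

```python
"""Pre-commit style secret scan over text, as an added example.

Not GitHub's secret scanning: the patterns below are a small illustrative
set chosen for this example, and the sample input is constructed.
"""
import re
import sys
from typing import Dict, Iterable, List, Pattern, Tuple

Finding = Tuple[str, int, str]  # (path, line number, pattern name)

PATTERNS: Dict[str, Pattern[str]] = {
    # AWS access key IDs: "AKIA" followed by 16 upper-case alphanumerics.
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    # GitHub classic personal access tokens: "ghp_" plus 36 alphanumerics.
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    # Any PEM private key header (RSA, EC, OPENSSH, or unqualified).
    "private_key_block": re.compile(r"-----BEGIN (?:[A-Z ]+ )?PRIVATE KEY-----"),
    # Catch-all: a credential-looking name assigned a quoted value of 8+ chars.
    "generic_assignment": re.compile(
        r"(?i)(?:api[_-]?key|secret|token|password)\s*[=:]\s*['\"]([^'\"]{8,})['\"]"
    ),
}

# Lines carrying this marker are excluded on purpose (documented test fixtures).
IGNORE_MARKER = "secret-scan: ignore"


def scan_text(text: str, path: str = "<stdin>") -> List[Finding]:
    """Return one finding per (line, pattern) hit, in file order."""
    findings: List[Finding] = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if IGNORE_MARKER in line:
            continue
        for name, pattern in PATTERNS.items():
            if pattern.search(line):
                findings.append((path, lineno, name))
    return findings


def scan_files(paths: Iterable[str]) -> List[Finding]:
    """Scan each file on disk; unreadable bytes are replaced, not fatal."""
    findings: List[Finding] = []
    for p in paths:
        with open(p, encoding="utf-8", errors="replace") as fh:
            findings.extend(scan_text(fh.read(), p))
    return findings


# Constructed sample input for the demonstration; none of these are live secrets.
SAMPLE = """\
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
DEBUG = True
GITHUB_TOKEN = "ghp_0123456789abcdefghijklmnopqrstuvwxyz"
password = "correct-horse"
-----BEGIN RSA PRIVATE KEY-----
api_key = "not-a-real-key"  # secret-scan: ignore
"""


if __name__ == "__main__":
    # With file arguments, behave as a pre-commit hook; without, scan the sample.
    hits = scan_files(sys.argv[1:]) if len(sys.argv) > 1 else scan_text(SAMPLE, "<sample>")
    for path, lineno, name in hits:
        print(f"{path}:{lineno}: {name}")
    sys.exit(1 if hits else 0)
```

Wire it in as `.git/hooks/pre-commit` with the staged file list as arguments and a non-zero exit blocks the commit. The design choice worth noting is the explicit ignore marker: a scanner with no allow-listing path gets disabled wholesale the first time it flags a documented test fixture, and then protects nothing.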
