Les Bell
Blog entry by Les Bell
Welcome to today's daily briefing on security news relevant to our CISSP (and other) courses. Links within stories may lead to further details in the course notes of some of our courses, and will only be accessible if you are enrolled in the corresponding course - this is a shallow ploy to encourage ongoing study. However, each item ends with a link to the original source.
News Stories
Critical Vulnerability in OpenSSL - Patch Due 1 November
According to a tweet from Mark Cox, a Red Hat Distinguished Software Engineer and the Apache Foundation's VP of Security, the OpenSSL team is preparing for the release of version3.0.7, which will fix a CRITICAL vulnerability which is present in versions 3.0.0 through 3.0.6. This is good news for many users, as the most widely-deployed production Linux distributions do not use it - Red Hat Enterprise Linux 8, for example, uses version 1.1.1k.
Admins who are testing more recent versions or have already deployed them will need to proactively patch, though - RHEL 9 runs version 3.0.1.
It's not clear what the underlying vulnerability is, and it will take a little time for threat actors to reverse-engineer the various fixes in 3.0.7 and work out what it is. But it's likely to be serious - by OpenSSL definition, a CRITICAL issue affects common configurations and is also likely to be exploitable.
Vaughan-Nichols, Steven, OpenSSL warns of critical security vulnerability with upcoming patch, ZDnet, 27 October 2022. Available online at https://www.zdnet.com/article/openssl-warns-of-critical-security-vulnerability-with-upcoming-patch/.
British Hacker Arraigned on Charges in US
British hacker Daniel Kaye, a.k.a. "Popopret", "Bestbuy", "TheRealDeal", "Logger", "David Cohen", "Marc Chapon", "UserL0ser", "Spdrman", "Dlinch Kravitz", "Fora Ward", and "Ibrahim Sahil", has been arraigned on charges of access device fraud and money laundering conspiracy in connection with his alleged operation of "The Real Deal", a dark web market for hacking tools and stolen credentials, and his laundering of profits from that market.
'The indictment alleges that Kaye listed for sale on "The Real Deal" login credentials for U.S. government computers belonging to the U.S. Postal Service, the National Oceanic and Atmospheric Administration, the Centers for Disease Control and Prevention, the National Aeronautics and Space Administration, and the U.S. Navy. The indictment further alleges that Kaye, along with an individual (or individuals) known as "thedarkoverlord", trafficked in stolen social security numbers; and that Kaye possessed 15 or more stolen login credentials for Twitter and LinkedIn. Finally, the indictment alleges that Kaye laundered cryptocurrency he obtained from The Real Deal through Bitmixer.io, a website that offered Bitcoin "mixing" services and, through its "mixing" algorithm, sought to keep its users anonymous, private, and immune to Bitcoin blockchain tracing analysis.'
Nonetheless, it seems that the FBI did manage to trace the funds, and Kaye now has been arraigned before US Magistrate Judge Linda T. Walker following his extradition from Cyprus. The FBI was assisted by multiple European police forces.
DoJ US Attorney's Office, Northern District of Georgia, Hacker and Dark Market operator arraigned on federal charges, press release, 26 October 2022. Available online at https://www.justice.gov/usao-ndga/pr/hacker-and-dark-market-operator-arraigned-federal-charges.
Dutch Man Arrested for Healthcare Data Theft
The Dutch police have arrested a 19-year-old man from the town of Krimpen aan den IJssel, near Rotterdam, following a complaint from a healthcare software supplier. It is alleged that the man stole tens of thousands of documents, possibly containing personal and medical data.
The suspect's home was searched and various devices seized for forensic analysis, but until this is completed - a process which could take considerable time - police are unable to determine whether the stolen data was on-sold or distributed. The man was released after question but remains a suspect in the case.
Politie Nederland, Softwareleverancier gehackt, verdachte aangehouden, press release, 25 October 2022. Available online at https://www.politie.nl/nieuws/2022/oktober/25/hack-software-leverancier-verdachte-aangehouden.html.
Australian Privacy Breaches Provide Fodder for Satirists
It being the weekend, let us now turn to lighter topics. Holding to the old adage that if you didn't laugh, you'd cry, Australians have turned to humour as a way of coping with the recent round of data breaches (Optus, Energy Australia, Medibank, Medlab Pathology and others).
The latest offering, by Mark Humphries for ABC TV's 7:30 current affairs program, is presented here for your delight and delectation.
Humphries, Mark, Mark Humphries shares Medibank's apology after hacking scandal | 7.30, video, 28 October 2022. Available online at https://www.youtube.com/watch?embed=no&v=njlvSfuxJi8.
News for CISSP's
Alternative Slate for Upcoming (ISC)2 Election
As those certified by (ISC)2 should know by now, the election for the upcoming vacancies on the Board of the organization will open on 1 November. As previously discussed, the current Board has nominated only five candidates for the five vacancies - a move that renders the election moot - as well as proposing a set of contentious changes to the By-Laws which will further disenfranchise the membership.
Several members who had nominated for Board positions - some of them with previous experience and, more to the point, continued engagement with the members - have asked the voting members to consider them as write-in candidates. With the assistance of Stephen Mencik (one of those stepping forward) I have assembled the following information:
Here are the members asking for your support - and, I would suggest, offering you theirs:
- Wim Remes - Belgium - member number 97080
- Stephen Mencik - US - member number 10288
- Richard Nealon - Republic of Ireland - member number 4205
- Sami O. Koskinen - Finland - member number 54813
- Diana-Lynn Contesti - Canada - member number 5053
For those interested in more information about the five people asking for your write-in votes, here are their information pages:
- For Stephen Mencik - https://sites.google.com/view/smm-petition
The above site was used in an attempt to gain enough petitions to get on the ballot via that route. There are links to his resume and to the skillset questions and answers from the nomination process, and letters of recommendation. Mr. Mencik is ISC2 Member number 10288 and holds CISSP-ISSAP, ISSEP. Mr. Mencik also did most of the work on the counter-proposals for by-laws found at https://jsweb.net/isc2.
- For Diana-Lyn Contesti - https://sites.google.com/site/dlcpetitionboard/home
This site was used by Ms. Contesti in an attempt to gain enough petitions to get on the ballot. It contains a summary of her qualifications. Ms. Contesti is ISC2 member number 5053 and holds CISSP-ISSAP, ISSMP, CSSLP, SSCP.
- For Wim Remes - https://www.be-represented.org/
This site was used by Mr. Remes in an attempt to gain enough petitions to get on the ballot. It contains a summary of his qualifications. Mr. Remes is ISC2 member number 97080 and holds CISSP.
- For Richard Nealon - https://sites.google.com/view/RN-petition-isc2-board
This site was used by Mr. Nealon in an attempt to gain enough petitions to get on the ballot. It contains a summary of his qualifications. Mr. Nealon is ISC2 member number 4205 and holds CISSP-ISSMP, SSCP.
- For Sami O. Koskinen - http://www.linkedin.com/in/sami-koskinen-429624
The link is to Mr. Koskinen's Linked profile, which gives a summary of his qualifications. Mr. Koskinen is ISC2 member number 54813 and holds CISSP-ISSMP.
I would urge all those entitled to vote to visit the pages above and consider carefully before voting.
These news brief blog articles are collected at https://www.lesbell.com.au/blog/index.php?courseid=1. If you would prefer an RSS feed for your reader, the feed can be found at https://www.lesbell.com.au/rss/file.php/1/dd977d83ae51998b0b79799c822ac0a1/blog/user/3/rss.xml.
Copyright to linked articles is held by their individual authors or publishers. Our commentary is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.