Privatnost i sigurnost podataka i korisnika

[tomek@vz]

Citiraj:

Autor kopija

Secure Boot je najbolja stvar koja se pojavila na security sceni u zadnjem desetljeću.
Možda i jedina vrijedna pomena.

Implicirao sam da je u ono vrijeme implementacija ovakvih pi*darija od strane proizvođača bila , barem po mom sjećanju nemoguća. Ne kažem da je UEFI u kombinaciji sa Secure Boot-om loš već da je nov, moderniji sustav omogućio ovu negativnu stranu koja zapravo otvara nove i sofisticiranije vektore napada - kao što vidimo iz priloženog. Postavlja se pitanje - kako ovakvo sranje trajno eliminirati.

[The Exiled]

Nažalost i Secure Boot je veselje samo po sebi.

• New UEFI Secure Boot Vulnerability Could Allow Attackers to Load Malicious Bootkits
  
• New Secure Boot flaw lets attackers install bootkit malware, patch now
  
• PKfail Secure Boot bypass lets attackers install UEFI malware
  
• PKfail Secure Boot bypass remains a significant risk two months later

Citiraj:

Security researchers have disclosed a new Secure Boot bypass tracked as CVE-2025-3052 that can be used to turn off security on PCs and servers and install bootkit malware.
The flaw affects nearly every system that trusts Microsoft's "UEFI CA 2011" certificate, which is pretty much all hardware that supports Secure Boot.

[mkey]

Citiraj:

Autor Tajl3r

Ma to je mala beba za našeg teslu Ercegovca

Eee, neće da može. Musk je CEO 7 ogromnih i manjih kompanija, ima određenu političku karijeru a uz to je pro gamer koji igra preko deset sati na dan. Mate će ipak morati pojesti još dosta palente da dođe igdje blizu tog nivoa.

[The Exiled]

Musk se s tim pro-gamer pričama sjebal onog trena kad nije skužil s kim točno ima posla, pa nije dugo trebalo da mu cijeli Internet rastavi sve (1 - 2) na sastavne dijelove. Nakon toga su samo nastavili dalje s ostalim poslovnim poduhvatima koje Musk uvijek ponosno ističe i non-stop naglašava, pa je ko bi rekel ispalo da tip laže čim zine. PR bajke o uspješnom geniju i gameru su svih ovih godina bile OK štivo, dokle god se nije upustil u političke vode (1 - 2), samo da bi ga naposljetku potjerali podvijena repa. Obzirom na aktualnu Epstein situaciju dobro bude, ako se Musk jednog dana ne probudi mrtav ili slučajno padne kroz prozor prilikom logiranja na popularnu društvenu mrežu, jer zamjenu su mu već našli.

Citiraj:

Citiraj:

Citiraj:

Citiraj:

[mkey]

On bi možda mogao ispasti iz SpaceX rakete. Ili nastradati u brutalno gorećoj Tesli.

[The Exiled]

Ništa čudno ne bi bilo.

[tomek@vz]

Citiraj:

"Anybody who's got a hosted SharePoint server has got a problem," the senior VP of cybersecurity firm CrowdStrike told the Washington Post. "It's a significant vulnerability."

And it's led to a new "global attack on government agencies and businesses" in the last few days, according to the article, "breaching U.S. federal and state agencies, universities, energy companies and an Asian telecommunications company, according to state officials and private researchers..."

"Tens of thousands of such servers are at risk, experts said, and Microsoft has issued no patch for the flaw, leaving victims around the world scrambling to respond." (Microsoft says they are "working on" security updates "for supported versions of SharePoint 2019 and SharePoint 2016," offering various mitigation suggestions, and CISA has released their own recommendations.)

From the Washington Post's article Sunday:
Microsoft has suggested that users make modifications to SharePoint server programs or simply unplug them from the internet to stanch the breach. Microsoft issued an alert to customers but declined to comment further... "We are seeing attempts to exploit thousands of SharePoint servers globally before a patch is available," said Pete Renals, a senior manager with Palo Alto Networks' Unit 42. "We have identified dozens of compromised organizations spanning both commercial and government sectors.''

With access to these servers, which often connect to Outlook email, Teams and other core services, a breach can lead to theft of sensitive data as well as password harvesting, Netherlands-based research company Eye Security noted. What's also alarming, researchers said, is that the hackers have gained access to keys that may allow them to regain entry even after a system is patched. "So pushing out a patch on Monday or Tuesday doesn't help anybody who's been compromised in the past 72 hours," said one researcher, who spoke on the condition of anonymity because a federal investigation is ongoing.

The breaches occurred after Microsoft fixed a security flaw this month. The attackers realized they could use a similar vulnerability, according to the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency. CISA spokeswoman Marci McCarthy said the agency was alerted to the issue Friday by a cyber research firm and immediately contacted Microsoft... The nonprofit Center for Internet Security, which staffs an information-sharing group for state and local governments, notified about 100 organizations that they were vulnerable and potentially compromised, said Randy Rose, the organization's vice president. Those warned included public schools and universities. Others that were breached included a government agency in Spain, a local agency in Albuquerque and a university in Brazil, security researchers said.

But there's many more breaches, according to the article:
"Eye Security said it has tracked more than 50 breaches, including at an energy company in a large state and several European government agencies."
"At least two U.S. federal agencies have seen their servers breached, according to researchers."
"One state official in the eastern U.S. said the attackers had 'hijacked' a repository of documents provided to the public to help residents understand how their government works. The agency involved can no longer access the material..."
"It was not immediately clear who is behind the hacking of global reach or what its ultimate goal is. One private research company found the hackers targeting servers in China..."

> Slashdot

[medo]

[QUOTE=The Exiled;3813501]Nažalost i Secure Boot je veselje samo po sebi.

Citiraj:

Security researchers have disclosed a new Secure Boot bypass tracked as CVE-2025-3052 that can be used to turn off security on PCs and servers and install bootkit malware.
The flaw affects nearly every system that trusts Microsoft's "UEFI CA 2011" certificate, which is pretty much all hardware that supports Secure Boot.

To je upravo ono o čemu sam već pričao. Dokle god ne budemo mogli potpisivati certove sa našima CA-ovima to je banana.

[strikoo]

Citiraj:

Autor tomek@vz

> Slashdot

nocas izdan patch

https://msrc.microsoft.com/blog/2025...ve-2025-53770/

[Night]

Citiraj:

Autor Ivo_Strojnica

kažeš "hakiraju nas, ali nismo skroz sigurni, jer ne ostavljaju tragove"

No ono šta mi je super je kako oni ne hakiraju kineze.
Stvarno benigni narod.

Amerika : Kina nas hakira, kmeee.
Također Amerika : How the NSA Hacked Huawei: Operation Shotgiant - https://www.youtube.com/watch?v=aQNgelm7JeE

[tomek@vz]

Citiraj:

Hackers are hiding malware inside DNS records, allowing malicious code to bypass security defenses that typically monitor web and email traffic. DomainTools researchers discovered the technique being used to host Joke Screenmate malware, with binary files converted to hexadecimal format and broken into chunks stored in TXT records across subdomains of whitetreecollective[.]com.

Attackers retrieve the chunks through DNS requests and reassemble them into executable malware. The method exploits a blind spot in security monitoring, as DNS traffic often goes unscrutinized compared to other network activity.

[domy_os]

Citiraj:

AGENCIJA za zaštitu osobnih podataka (AZOP) izrekla je HEP-Toplinarstvu kaznu od 320.000 eura zbog toga što su lozinke korisnika portala „Moj račun" bile pohranjene u čitljivom obliku, čime su korisnici izloženi ozbiljnom riziku neovlaštenog pristupa i moguće zloporabe.

https://www.index.hr/vijesti/clanak/...a/2692565.aspx

Možemo očekivati porast cijena grijanja, pogotovo što zaštićene cijene traju do 30.09.2025. i onda pred zimu ide udar.

[tomek@vz]

Citiraj:

Autor domy_os

https://www.index.hr/vijesti/clanak/...a/2692565.aspx

Možemo očekivati porast cijena grijanja, pogotovo što zaštićene cijene traju do 30.09.2025. i onda pred zimu ide udar.

Postavlja se pitanje dali je do neznanja/nemara IT odjela ili Managementa.

Hovewer...

Citiraj:

Google has announced OSS Rebuild, a new project designed to detect supply chain attacks in open source software by independently reproducing and verifying package builds across major repositories. The initiative, unveiled by the company's Open Source Security Team, targets PyPI (Python), npm (JavaScript/TypeScript), and Crates.io (Rust) packages.

The system, the company said, automatically creates standardized build environments to rebuild packages and compare them against published versions. OSS Rebuild generates SLSA Provenance attestations for thousands of packages, meeting SLSA Build Level 3 requirements without requiring publisher intervention. The project can identify three classes of compromise: unsubmitted source code not present in public repositories, build environment tampering, and sophisticated backdoors that exhibit unusual execution patterns during builds.

Google cited recent real-world attacks including solana/webjs (2024), tj-actions/changed-files (2025), and xz-utils (2024) as examples of threats the system addresses. Open source components now account for 77% of modern applications with an estimated value exceeding $12 trillion. The project builds on Google's hosted infrastructure model previously used for OSS Fuzz memory issue detection.

[Bubba]

Citiraj:

Autor domy_os

Možemo očekivati porast cijena grijanja, pogotovo što zaštićene cijene traju do 30.09.2025. i onda pred zimu ide udar.

Ja nisam pravnik pa mozda nemam dobar uvid u (pravni) slijed, ali:

a) pajdo ih je prijavio jer su mu poslali lozinku u tekstu
b) Agencija za maglu i patente je kaznila stetnika, koji je radnju (ili nedostatak iste) napravio protiv ostecenog, direktno
c1) naknada za prouzrocenu stetu pajdi i ostalima na HEP toplinarstvu - 0
c2) primitak u drzavni proracun - 320k
c3) predpostavka - nitko u HEP Toplinarstvu nece snositi posljedice

Nastavno na tvoj stos kojeg sam citirao - pajdo je zavio u crno sve korisnike HEP Toplinarstva jer imaju 320k manje u kasi pa sad to mogu prebiti jednio preko onih kojima su zapravo nastetili.

[medo]

Citiraj:

Autor domy_os

https://www.index.hr/vijesti/clanak/...a/2692565.aspx

Možemo očekivati porast cijena grijanja, pogotovo što zaštićene cijene traju do 30.09.2025. i onda pred zimu ide udar.

Falilo je njima po nekoliko redova veličine više između prihoda i rashoda. Ovo neće ni primjetiti da im fali

Ali da, nitko neće odgovarati imenom i prezimenom.

[kopija]

Želim znati, volim čitati.
Svi ste u krivu i u pravu, donekle.
A mislite da ste u pravu.

[tomek@vz]

Citiraj:

Autor kopija

Želim znati, volim čitati.
Svi ste u krivu i u pravu, donekle.
A mislite da ste u pravu.

Citiraj:

Informacijsko komunikacijska tvrtka kažnjena s 50.000,00 eura

Znači externa firma. Dobro da piše u tekstu koja.

[kopija]

Pa da firma propadne i ljudi izgube posao?

[tomek@vz]

Citiraj:

Autor kopija

Pa da firma propadne i ljudi izgube posao?

Ha gle - možda ne da firma propadne ali da ostali znaju sa kime imaju posla. Jer iskreno ako rade tako loš posao onda ga ne zaslužuju. Ovaj put su samo dobili po prstima jer nije bilo eksploatacije baze podataka i ništa loše se nije dogodilo. Ali takve stvari se mogu okrenuti u jako lošem smjeru vrlo brzo...

Citiraj:

One password is believed to have been all it took for a ransomware gang to destroy a 158-year-old company and put 700 people out of work. KNP -- a Northamptonshire transport company -- is just one of tens of thousands of UK businesses that have been hit by such attacks. Big names such as M&S, Co-op and Harrods have all been attacked in recent months. The chief executive of Co-op confirmed last week that all 6.5 million of its members had had their data stolen. In KNP's case, it's thought the hackers managed to gain entry to the computer system by guessing an employee's password, after which they encrypted the company's data and locked its internal systems. KNP director Paul Abbott says he hasn't told the employee that their compromised password most likely led to the destruction of the company. "Would you want to know if it was you?" he asks. "We need organizations to take steps to secure their systems, to secure their businesses," says Richard Horne CEO of the National Cyber Security Centre (NCSC) -- where Panorama has been given exclusive access to the team battling international ransomware gangs.
A gang of hackers, known as Akira, broke into the company's system and demanded a payment to restore the data. "The hackers didn't name a price, but a specialist ransomware negotiation firm estimated the sum could be as much as 5 million pounds," reports the BBC. "KNP didn't have that kind of money. In the end all the data was lost, and the company went under."

Ja gledam sa svog stajališta kao IT-evca koji nema veze sa sigurnosnim odjelom ali baš zato što sam svjestan opasnosti za sustave koje administriram gledam da sve što implementiram bude bar kolko tolko sigurno nakon informiranja po netu i konzultacije sa dečkima kojima je to dnevni kruh i uvijek upozoravam klijenta na moguće posljedice ako idemo linijom manjeg otpora i "just do it". Ovak nekaj je ta firma trebala skužiti i barem pismeno prezentirati Termoplinu zajedno sa prezentacijim potencijalno sigurnijeg riješenja. Ako bi onda to Termoplinov Management odbio, imaju barem opravdanje i čist obraz. Na ovaj način ili nisu skužili ili im je bilo svejedno. A to su najgori Informatičari i ne zaslužuju taj posao.

[Bubba]

Citiraj:

Autor kopija

Želim znati, volim čitati.
Svi ste u krivu i u pravu, donekle.
A mislite da ste u pravu.

Opet ponavljam - osteceni su *korisnici* usluge, koji nisu dobili nikakvu naknadu za stetne radnje, nego ju je u dzep potrpao HNB-ov IBAN? Daklem, država je kaznila društvo kojeg ima u 100% vlasništvu na način da je sama sebi isplatila novac.

Romaneskno.

Citiraj:

Autor kopija

Pa da firma propadne i ljudi izgube posao?

LOL

Stvarno nije tesko doci do te informacije; a s obzirom da su prethodne dvije godine imali vise poreza na dobit nego sto im je iskazana kazna, mislim da ih to nece tako jako zaboljeti. A core business im je ionako jedino drzavni aparat. O tempora, o mores...