Skip to main content
BlogSecurityLinode Security Digest – October 24-31

Linode Security Digest – October 24-31

Linode Security Digest

In the final week of Cybersecurity Awareness Month, we will talk about why cybersecurity should be a primary consideration in all areas of life. We will also discuss how to protect your infrastructure from newly-discovered threats. Lastly, we’re excited to share some information on a new infosec series from HackerSploit designed to help you understand how the bad guys research and try to exploit your systems.

Week 4 – Cybersecurity First

The FBI’s Internet Crime Complaint Center (IC3) received a record number of 791,790 complaints from the American public in 2020, with reported losses exceeding $4.1 billion. According to a report by Accenture, the number of security breaches increased by 67% in the past five years. In 2019’s first quarter alone, hackers have created more than 65 million malware. Cybersecurity is for everyone. We encourage everyone to keep cybersecurity in the forefront of their minds so that we can protect our digital world, whether it’s our workplace, social media, or personal lives. 

At Linode, we codify our security mindset as being methodically paranoid. It simultaneously expresses our collective sense of urgency toward security threats and advocates practicing a set of proven security practices in our security architecture and operations. 

Malware Discovered in Popular NPM Package ua-parser-js

Ua-parser-js is an NPM package that allows users to parse User-Agent data to gather device and software-specific information. This package’s version 0.7.29 contained malware, and two new infected version series were published (0.8.0 and 1.0.0) to widespread the impact.

According to the GitHub Advisory of the package, the affected users should consider their computers fully compromised and should update this package while rotating all the sensitive information/credentials stored on these computers. Removing this package does not guarantee the removal of the malicious software(s) installed by this compromised package. This vulnerability does not affect macOS devices.

Apple Releases Security Updates

Apple recently released multiple security updates for a wide range of devices. The updates include fixes for macOS, iOS, and iPadOS devices. These updates mitigate critical and high severity vulnerabilities that can lead to arbitrary code execution and privilege escalation on outdated systems. Apple recommends their users update their device software to protect against these vulnerabilities.

HackerSploit: Red Team Security Series, Part 2

We’ve collaborated with the popular infosec YouTuber HackerSploit before to share useful and applicable knowledge on securing your Linux servers and Docker instances. Part two of this series, called Red Team Security, expands on this topic to cover the Red Team tactics used by security professionals and malicious hackers. Knowing how bad guys exploit systems is very useful for security professionals trying to protect their systems. You won’t want to miss this, so sign up now.

We share these articles with you so that everyone can take the necessary steps to protect themselves from the various threats and vulnerabilities. We love hearing back from our readers, so please feel free to leave a comment down below.


Comments

Leave a Reply

Your email address will not be published.