#devuan virtual listo para seguir trabajando en cositas de #hardening #linux la semana que viene.

Toca terminar con algunos parámetros de seguridad del kernel, y algo de autenticación, passwods, PAM y MFA/2FA.

Veremos qué sale 😃

Iré comentando avances por acá, y por supuesto, en las redes de juncotic.com (youtube, linkedin y telegram).

#infosec #ciberseguridad #juncotic #gnu #linux #password #mfa #pam #2fa #auth #kenrel

#Microsoft to enforce #MFA for #Microsoft365 admin center sign-ins

https://www.bleepingcomputer.com/news/microsoft/microsoft-to-enforce-mfa-for-microsoft-365-admin-center-sign-ins/

#cybersecurity

🔐 Cybersécurité & plateformes collaboratives

Un article de Clubic montre comment un cybercriminel a accédé aux systèmes de +50 entreprises via des identifiants compromis, sans MFA.

👉 Dans GoFAST Digital Workplace & GED, il est possible d’intégrer :
• une authentification multifacteur (MFA)
• un SSO connecté à l’annuaire

🔗 https://www.clubic.com/actualite-593845-il-pirate-50-entreprises-en-2026-l-authentification-multi-facteurs-n-est-plus-une-option.html

#GoFAST #GED #Cybersécurité #MFA

Looking for a source or the exact wording

Recently I read a post describing Multi Factor Authentication #mfa as (tongue in cheek)

• Something you forget
• Something you lose
• And something you get chopped off

Does anyone have a source?
#cybersecurity

Wieder ein mahnendes Beispiel: Ohne MFA sind auch self‑hosted Clouds kein sicherer Hafen. 🔐 Betroffen: Owncloud, Nextcloud, Sharefile – Daten von 50 Organisationen im Umlauf. Jetzt MFA aktivieren!
https://www.golem.de/news/dringend-mfa-aktivieren-massenhaft-daten-aus-cloud-instanzen-abgeflossen-2601-203932.html

#CyberSecurity #MFA #SelfHosting #Owncloud #Nextcloud #Infosec #Datenschutz

#ownCloud urges users to enable #MFA after credential theft reports

https://www.bleepingcomputer.com/news/security/owncloud-urges-users-to-enable-mfa-after-credential-theft-reports/

#cybersecurity #DataBreach #HudsonRock

It's been a pretty packed 24 hours in the cyber world, with some critical RCE vulnerabilities under active exploitation, a string of significant breaches impacting UK public sector and a major car manufacturer, and important reminders about MFA. Let's dive in:

Critical RCEs Under Active Exploitation & Patches ⚠️
- Legacy D-Link DSL Routers (CVE-2026-0625): A critical command injection flaw (CVSS 9.3) in the "dnscfg.cgi" endpoint of legacy D-Link DSL gateway routers is being actively exploited. This allows unauthenticated remote attackers to execute arbitrary shell commands, leading to RCE and potential DNS hijacking. Many affected models (DSL-2640B, DSL-2740R, DSL-2780B, DSL-526B) are End-of-Life, meaning no patches are coming – upgrade immediately!
- Veeam Backup & Replication (CVE-2025-59470): Veeam has patched a critical RCE vulnerability (CVSS 9.0, rated high by Veeam due to privilege requirements) in Backup & Replication 13.0.1.180 and earlier. This flaw allows Backup or Tape Operators to achieve RCE as the postgres user. Given VBR's popularity and past targeting by ransomware gangs (Cuba, FIN7, Frag, Akira, Fog), patching is crucial.
- n8n Workflow Automation (CVE-2026-21858): A maximum severity (CVSS 10.0) "Ni8mare" vulnerability in n8n, an open-source workflow automation tool, allows remote, unauthenticated attackers to hijack instances. The flaw is a content-type confusion in how n8n parses data, enabling arbitrary file reading and potential secret exposure or command execution. Over 100,000 vulnerable servers are estimated; update to n8n version 1.121.0 or newer, and restrict public webhook/form endpoints.

📰 The Hacker News | https://thehackernews.com/2026/01/active-exploitation-hits-legacy-d-link.html
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/new-veeam-vulnerabilities-expose-backup-servers-to-rce-attacks/
🤫 CyberScoop | https://cyberscoop.com/veeam-backup-replication-security-flaw-remote-code-execution-fix/
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/max-severity-ni8mare-flaw-lets-hackers-hijack-n8n-servers/

Major Cyber Incidents and Breaches 🚨
- Jaguar Land Rover (JLR): A September cyberattack, claimed by Scattered Lapsus$ Hunters, severely impacted JLR's Q3 fiscal 2026 results, causing wholesale volumes to plummet by 43.3% and retail sales by 25.1%. The incident halted production for weeks, disrupted global supply chains, and cost the UK economy an estimated £2.1 billion.
- UK Ministry of Justice (MoJ) / Legal Aid Agency (LAA): Despite spending £50 million on cybersecurity, the LAA suffered a "highly sensitive" cyberattack in December 2024 that went undetected until April 2025. The breach compromised legal aid applicant data, causing significant operational disruption and financial overpayments to providers, with recovery expected to take years.
- European Space Agency (ESA): ESA has confirmed another significant security breach, with Scattered Lapsus$ Hunters claiming to have stolen 500 GB of sensitive data, including operational procedures, spacecraft details, and proprietary contractor data (from partners like SpaceX, Airbus). The group alleges the vulnerability remains open, giving them continued access. This follows a December incident where 200 GB of ESA data was listed for sale.
- Higham Lane School: A cyberattack over the Christmas holiday has forced a British high school to delay its reopening, with its entire IT system, including phones, emails, and management systems, taken offline. This follows over 80 ransomware attacks on the UK education sector in 2024.
- Illinois Department of Human Services (IDHS): The IDHS inadvertently exposed personal data of over 700,000 state residents for up to four years by posting it on public mapping websites. The exposed data, including names, addresses, and public benefits status, is protected health information under HIPAA.

🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2026/01/07/jlr_wholesale_volumes/
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2026/01/07/legal_aid_agency_attack/
🗞️ The Record | https://therecord.media/cyberattack-forces-british-high-school-to-delay-opening
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2026/01/07/european_space_agency_breach_criminal_probe/
🗞️ The Record | https://therecord.media/illinois-agency-exposed-data

Threat Actor Activity & Nation-State Operations ⚔️
- DDoSia Hacktivist Tool: Pro-Russian hacktivist group NoName057(16) is leveraging its custom DDoS tool, DDoSia, to conduct sustained, politically motivated attacks against Ukrainian and Western interests. The tool allows volunteers with minimal technical skill to participate in coordinated application-layer and multi-vector DDoS campaigns, often coinciding with geopolitical events.
- China's Cyber Offensive on Taiwan: Taiwan's National Security Bureau reported a 6% increase in Chinese cyberattacks in 2025, with 2.63 million intrusion attempts daily targeting government and critical infrastructure, particularly energy and hospitals. These attacks, often exploiting software/hardware vulnerabilities, are linked to China's political and military coercive actions.

⚫ Dark Reading | https://www.darkreading.com/cyberattacks-data-breaches/ddosia-powers-volunteer-driven-hacktivist-attacks
🤫 CyberScoop | https://cyberscoop.com/taiwan-china-cyberattacks-2025-energy-hospitals-nsb-report/

The Critical Need for MFA 🔒
- ownCloud Credential Theft: File-sharing platform ownCloud is urging its 200 million users to enable Multi-Factor Authentication (MFA) after reports of credential theft. Threat actors, like "Zestix" or "Sentap," are using infostealer malware (RedLine, Lumma, Vidar) to compromise employee devices, then leveraging stolen credentials to access ownCloud, ShareFile, and Nextcloud instances that lack MFA.
- Widespread Cloud Credential Heist: A report by Hudson Rock highlights a "pervasive failure in credential hygiene," where a single threat actor has breached dozens of global organisations by using infostealer-harvested credentials against cloud collaboration platforms without MFA. This underscores that simple security failures, not zero-days, are often the root cause of significant breaches.

🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/owncloud-urges-users-to-enable-mfa-after-credential-theft-reports/
⚫ Dark Reading | https://www.darkreading.com/cloud-security/lack-mfa-common-thread-vast-cloud-credential-heist

Regulatory Actions & Legal Outcomes ⚖️
- FCC Robocall Penalties: The US Federal Communications Commission (FCC) has finalised new financial penalties for telecoms that submit false, inaccurate, or late reporting to its Robocall Mitigation Database (RMD). Fines include $10,000 for false information and $1,000 for late updates, aiming to combat call spoofing and illegal robocalls. Two-factor authentication has also been added to the RMD.
- Stalkerware Prosecution: Bryan Fleming, creator of the pcTattletale stalkerware, has pleaded guilty in US federal court to selling software designed to intercept communications. This marks only the second successful prosecution of a stalkerware operator since 2014, highlighting a rare but significant legal victory against consumer spyware.

🤫 CyberScoop | https://cyberscoop.com/fcc-finalizes-new-penalties-for-robocall-violators/
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2026/01/07/stalkerware_slinger_pleads_guilty/
🗞️ The Record | https://therecord.media/stalkerware-guilty-plea-fleming

UK Public Sector Cyber Defence Boost 🛡️
- The UK government has unveiled a new £210 million ($283 million) "Government Cyber Action Plan" to bolster cyber defences across its departments and the wider public sector. The plan includes establishing a dedicated Government Cyber Unit, setting minimum security standards, improving risk visibility, and promoting best practices through a new Software Security Ambassador Scheme. This follows recent legislation to protect critical infrastructure and a ban on ransomware payments for public sector organisations.

🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/uk-announces-plan-to-strengthen-public-sector-cyber-defenses/

Cyber Landscape Commentary 💭
- AI and the Cybersecurity Workforce: Qualys CEO Sumedh Thakar argues that the cybersecurity industry cannot simply hire its way out of the talent shortage in the AI era. Instead, organisations must leverage AI to automate repetitive tasks and shift towards a proactive Risk Operations Center (ROC) model. He also warns that AI-generated code often contains security flaws, necessitating embedded security in development pipelines.
- Cyber in Military Operations: Speculation surrounds the role of US Cyber Command in a recent military operation in Venezuela that led to the capture of President Nicolás Maduro. While President Trump hinted at "certain expertise" causing power outages, NetBlocks data suggests kinetic attacks could also be responsible. Experts note Venezuela's network infrastructure is a "soft target" for cyber operations.

🤫 CyberScoop | https://cyberscoop.com/cybersecurity-talent-shortage-ai-risk-operations-center-2026-op-ed/
⚫ Dark Reading | https://www.darkreading.com/cybersecurity-operations/cyberattacks-part-military-operation-venezuela/

Other Noteworthy Developments 💡
- HackerOne Bug Bounty Delays: A security researcher, Jakub Ciolek, reported being "ghosted" by HackerOne for months over an $8,500 bug bounty for two high-severity DoS flaws (CVE-2025-59538, CVE-2025-59531) in Argo CD. HackerOne attributed the delay to an "operational backlog," raising concerns about trust and communication in bug bounty programs, especially with increasing AI-generated submissions.
- Microsoft Exchange Online Spam Clamp Scrapped: Microsoft has reversed its controversial plan to impose a 2,000 external recipient rate limit on Exchange Online mailboxes, following significant customer backlash. While the aim was to curb spam and abuse, the limits created operational challenges for legitimate bulk sending. Microsoft plans to develop "smarter, more adaptive approaches."
- Cyber Scam Kingpin Arrested: Cambodian authorities have arrested and extradited to China Chen Zhi, head of the Prince Group conglomerate, who is alleged to be the mastermind behind a multi-billion dollar scam empire. Zhi and 128 entities linked to him were sanctioned by the US and UK for illegal online gambling, sextortion, money laundering, and the trafficking of enslaved workers.
- HSBC App Sideloading Issues: Some HSBC mobile banking customers in the UK are being locked out of the bank's app if they have the Bitwarden password manager installed via an open-source app catalog like F-Droid. HSBC's app security controls appear to flag sideloaded apps as a risk, preventing coexistence with its banking app.

🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2026/01/07/hackerone_ghosted_researcher/
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2026/01/07/exchange_online_recipient_rate/
🗞️ The Record | https://therecord.media/alleged-cyber-scam-kingpin-cambodia-arrested-extradited
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2026/01/07/hsbc_bitwarden_sideloaded/

#CyberSecurity #ThreatIntelligence #Vulnerability #RCE #ActiveExploitation #ZeroDay #CyberAttack #Breach #Ransomware #DDoS #NationState #APT #MFA #CredentialTheft #DataPrivacy #Regulation #UKGov #AI #CyberWarfare #InfoSec

Researchers say a lone attacker accessed internal systems at around 50 companies worldwide using infostealer malware and stolen credentials, often where MFA was not enabled, and is offering the access for sale.

Read: https://hackread.com/lone-hacker-infostealers-global-companies-data/

#CyberSecurity #Infostealers #Malware #MFA #Infosec