Exaprotect BlogManager

U.S.-CERT is warning of attacks targeting Linux-based infrastructures using compromised SSH keys. After access is gained to the system, local kernel exploits are used to gain root access. A rootkit is then installed to steal more SSH keys. The attack could be related to a flaw affecting Debian-based encryption keys discovered earlier this year.

Read the whole story: http://www.eweek.com/c/a/Security/Attackers-Targeting-Linux-Infrastructures-With-Rootkit-to-Steal-SSH-Keys/

Personal details of more than 1 million customers of Royal Bank of Scotland, American Express and NatWest are found on a computer sold on auction site eBay. RBS said the information included historical data related to credit card applications and data from other banks, but would not disclose further details.The information was being held by archiving firm Graphic Data, which copies paperwork from some of Britain’s biggest financial organisations and stores it digitally.

Read more… http://www.eweek.com/c/a/Security/Bank-Details-of-1-Million-Customers-Sold-on-eBay/

A rare Linux security breach occurred when Red Hat Enterprise Linux and Fedora project servers were compromised by an illegal intrusion. Red Hat advised Red Hat Enterprise Linux and Fedora customers on how to determine if they had been affected. Red Hat security specialists say the Fedora package signing key was not breached.

You want to read the whole article? http://www.sans.org/newsletters/newsbites/newsbites.php?vol=10&issue=67&rss=Y#sID309

The problems of putting sensitive information on an easy-to-lose medium such as disks - and not backing up internal policies with good security practice - were brought sharply into focus by the news that the UK’s HM Revenue and Customs has been involved in one of the world’s biggest ID protection failures.