Security Leftovers
-
Security advisory: Qt SQL ODBC driver plugin
A possible DoS involving the Qt SQL ODBC driver plugin has been found and has been assigned the CVE ID CVE-2023-24607.
-
SolarWinds and Market Incentives
In early 2021, IEEE Security and Privacy asked a number of board members for brief perspectives on the SolarWinds incident while it was still breaking news.
-
3 ways to apply security patches in Linux
There are 3 approaches to applying security patches in Linux: manual patching, via package managers, and automatic updates. If you need security patching that can be automated at scale, and audited on the fly with on-demand reports, Landscape has your bases covered.
-
CISA Releases Recovery Tool for VMware Ransomware Victims
The US Cybersecurity and Infrastructure Security Agency (CISA) has published a new script designed to help ransomware victims recover any VMware virtual machines (VMs) impacted by a current global campaign.
-
CISA and FBI Release ESXiArgs Ransomware Recovery Guidance
This advisory describes the ongoing ransomware campaign known as “ESXiArgs.” Malicious cyber actors may be exploiting known vulnerabilities in unpatched and out-of-service or out-of-date versions of VMware ESXi software to gain access to ESXi servers and deploy ESXiArgs ransomware. The ransomware encrypts configuration files on ESXi servers, potentially rendering virtual machines unusable.
-
Global ransomware spree infects unpatched VMware servers. CISA has a fix.
Ransomware targeting VMware ESXi servers takes advantage of an old vulnerability and has affected more than 3,000 systems worldwide.
-
AmerisourceBergen MWI Animal Health hit by Lorenz; Company investigating
The Lorenz ransomware group has added AmerisourceBergen/MWI Animal Health to their leak site with what teasingly appears to be a lot of data, except there is no key to unlock the leaked files. Those who want the key will have to contact Lorenz and buy the key.
-
MA: DotHouse Health discloses data breach but has yet to send letters to patients
On or about December 10, AlphV (aka BlackCat) added DotHouse Health.org to their leak site, where they attempt to pressure victims into paying any ransom demands. In this case, the threat actors did not post any proof pack, but they claimed to have infiltrated 800 GB of data from the Massachusetts HIPAA-covered healthcare provider.
-
Hidalgo County Adult Probation Office hit by ransomware attack
The Hidalgo County Adult Probation Office is recovering from a ransomware attack over the weekend.
The incident happened Saturday but was resolved Monday, Hidalgo County Judge Richard F. Cortez confirmed.
-
Hackers hit Vesuvius, UK engineering company shuts down affected systems
Vesuvius, the London Stock Exchange-listed molten metal flow engineering company, says it has been hit by a cyber attack.
-
Russian hackers using new Graphiron information stealer in Ukraine
The malware uses names such as OfficeTemplate.exe and MicrosoftOfficeDashboard.exe to masquerade as a Microsoft Office component on the breached system.
-
Ransomware attack may have caused IT breach that shut all four Cork MTU campuses
Munster Technological University (MTU) is working with gardaí and the National Cyber Security Centre to establish if a major IT breach that led to the closure of its four Cork campuses is linked to an international ransomware attack on hundreds of organisations.
MTU’s four Cork campuses will remain closed today and an update is expected later on whether students can return to campus tomorrow as planned.