Security Leftovers

posted by Roy Schestowitz on Feb 19, 2023

• Security updates for Friday

  Security updates have been issued by Debian (webkit2gtk and wpewebkit), Fedora (firefox, phpMyAdmin, tpm2-tools, and tpm2-tss), Slackware (mozilla), SUSE (mozilla-nss, rubygem-actionpack-4_2, rubygem-actionpack-5_1, and tar), and Ubuntu (linux-azure and linux-hwe-5.19).

• New Mirai Malware Variant Targets IoT Devices and Linux Servers [Ed: Targeting bad passwords? Unpatched packages? Or "Linux"?]

• New Mirai botnet variant V3G4 targets Linux servers, IoT devices [Ed: Exploiting long-patched vulnerabilities that aren't even in Linux]

  “The vulnerabilities have less attack complexity than previously observed variants, but they maintain a critical security impact that can lead to remote code execution,” Unit 42 said in its report on the new variant.

• Spain Orders Extradition of British Alleged Hacker to U.S.

• GoDaddy says a multi-year breach hijacked customer websites and accounts

• The Feds Are Launching a Hack Back Squad

  The U.S. says it’s punching back in the digital cold war over emerging technologies with a new “Disruptive Technology Strike Force.”

  “Our goal is simple but essential—to strike back against adversaries trying to siphon off our best technology,” a deputy attorney general said.

• Oops! 'Phishing' scam cost small Ohio city $219,000, finance director his job

  Phishing-scam training has become a commonplace requirement in many workplaces these days. But not everyone is adhering to its lessons.

  When emails from a fake paving company landed in the inbox of an accounting assistant working for a small Ohio city last month, the assistant was hooked.

• Martin Swan

  A former 111 call centre advisor has been found guilty and fined for illegally accessing the medical records of a child and his family.

  Martin Swan, 56, from Pinner, London, worked as a service advisor at the NHS 111 call centre in Southall when he illegally accessed the records.

• Lancashire County Council has referred itself following a data breach

  Lancashire County Council has referred itself to the Information Commissioner's Office following a data breach involving its new HR and finance system.

  At this point there is no evidence that personal data has been publicly available, only that this information has been visible to internal users should someone want to find it.

  This breach occurred as a result of the implementation of the new HR and finance system and not an external cyber attack.

  The system, which was introduced just before Christmas, is used by Lancashire County Council, West Lancashire Borough Council, Lancashire Fire and Rescue Service and Lancashire schools and academies.

• Scots cancer patient hits out after major data breach of medical records at NHS Lothian by staff member

  A Scots cancer patient had hit out after discovering his confidential medical records were 'inappropriately' accessed by a member of NHS Lothian staff amid a major data breach. Martin Laing received a letter from the health board last week informing him of the incident, which is understood to have affected around 90 people.

  The 57-year-old, who is suffering from leukaemia and pancreatic cancer, has spoken to Police Scotland - who are investigating - but feels he has been 'left in the dark' about the circumstances of the breach. Martin, from Blackburn, West Lothian, said: “I’m involved in this through no fault of my own and yet I’m being kept in the dark as to who did it, as to what they were intending on doing or whether they’ve actually done anything with the records already.