Security Leftovers
-
Linux security: your questions, answered
At Canonical, we often get questions about open-source security and of course, Linux security is a common topic. Based on a recent webinar hosted by our security team and an accompanying blog post, we put together the most common questions we receive.
[...]
Are there plans to allow sysadmins to turn off auto updates for snap packages to maintain system stability?
Turning off auto updates is not recommended, as we mentioned earlier about systems being compromised when attackers exploit known vulnerabilities that have not been patched. If you follow a stable track for your snaps then you should only receive important security updates that won’t compromise stability.
-
Why settle for one layer of security when you can have 2FA?
Protecting your online accounts with just a password is like locking your front door with a key: It might keep most people away, but an intruder who’s determined to break in can still force an entry.
-
R1Soft Server Backup Manager Vulnerability Exploited to Deploy Backdoor
Hackers have been exploiting a vulnerability tracked as CVE-2022-36537 to hack hundreds of R1Soft servers.
-
Intel Paid Out Over $4.1 Million via Bug Bounty Program Since 2017
Intel paid out more than $935,000 through its bug bounty program in 2022, but found over half of the vulnerabilities internally.
-
Google Paid Out $12 Million via Bug Bounty Programs in 2022
Google rewarded over 700 researchers in 2022 for contributions to its bug bounty program, with the highest single payout at $605,000.
-
CISA Warns of Two Mitel Vulnerabilities Exploited in Wild
CISA has added two Mitel MiVoice Connect vulnerabilities to its known exploited vulnerabilities catalog and instructed federal agencies to patch them within three weeks.
-
Washington State city allegedly hit by ransomware
The BlackCat ransomware gang (ALPHV) has listed the City of Lakewood, Washington, on its data leak site, urging the affected companies to sue the municipality.
Lakewood is a city in Pierce County, Washington, with a population of over 63,000. BlackCat claimed it had breached Lakewood City Council and stolen over 250GB worth of data.
“Because of their misunderstanding and inability to negotiate, we share information with you,” BlackCat said and shared a link to download 252GB of documents.
-
Trove of L.A. Students’ Mental Health Records Posted to Dark Web After Cyber Hack
Detailed and highly sensitive mental health records of hundreds — and likely thousands — of former Los Angeles students were published online after the city’s school district fell victim to a massive ransomware attack last year, an investigation by The 74 has revealed.
The student psychological evaluations, published to a “dark web” leak site by the Russian-speaking ransomware gang Vice Society, offer a startling degree of personally identifiable information about students who received special education services, including their detailed medical histories, academic performance and disciplinary records.
But people are likely unaware their sensitive information is readily available online because the Los Angeles Unified School District hasn’t alerted them, a district spokesperson confirmed, and leaders haven’t acknowledged the trove of records even exists. In contrast, the district publicly acknowledged last month that the sensitive information of district contractors had been leaked.
-
Lessons From a Ransomware Attack: The Importance of Partnership & Collaboration
Imagine a rural business is the victim of a cyberattack. A nefarious person or group convinces an unsuspecting employee to open an email promising a bonus. Within 12 hours, every piece of technology connected to that network, and every process needed to conduct daily operations, is paralyzed.
Now imagine that business is a hospital. It serves 80,000 people and it’s the only one within 10,000 square miles. Add to the scenario a global pandemic that is steadily ravaging the nation’s healthcare system. On October 27, 2020, Sky Lakes Medical Center went dark.