Security Leftovers

posted by Roy Schestowitz on Mar 31, 2023

• Security updates for Thursday [LWN.net]

  Security updates have been issued by Debian (xorg-server and xrdp), Fedora (mingw-python-certifi, mingw-python3, mingw-zstd, moodle, python-cairosvg, python-markdown-it-py, redis, xorg-x11-server, and yarnpkg), Slackware (mozilla and xorg), SUSE (grub2, ldb, samba, libmicrohttpd, python-Werkzeug, rubygem-rack, samba, sudo, testng, tomcat, webkit2gtk3, xorg-x11-server, xstream, and zstd), and Ubuntu (linux, linux-aws, linux-dell300x, linux-kvm, linux-oracle, linux-raspi2, linux-aws-5.4, linux-azure-5.4, linux-gcp-5.4, linux-hwe-5.4, linux-ibm-5.4, linux-oracle-5.4, linux-raspi-5.4, linux-gke, linux-gke-5.15, linux-ibm, linux-kvm, php-nette, and xorg-server, xorg-server-hwe-18.04, xwayland).

• X.org vulnerability and releases

  The X.Org project has announced a vulnerability in its X server and Xwayland (CVE-2023-1393).

• Google reveals spyware attack on Android, iOS, and Chrome

  The primary target of this spyware campaign were the unsuspecting users in Italy, Malaysia, and Kazakhstan.

  Google’s Threat Analysis Group (TAG) has discovered two highly-targeted mobile spyware campaigns that use zero-day exploits to deploy surveillance software against iPhone and Android smartphone users.

  Google TAG discovered two “distinct, limited, and highly targeted” campaigns aimed at users of Android, iOS, and Chrome on mobile devices. The campaigns used zero-day and n-day exploits, taking advantage of the period between when vendors release vulnerability fixes and when hardware manufacturers update end-user devices with those patches, creating exploits for unpatched platforms.

• Dutch railway NS warns 780,000 customers about data breach

  The Dutch national railway, NS, has warned about 780,000 customers that their personal data may be involved in a data breach.The train operator works closely with market research firm Blauw. External parties gained access to personal data at via a software supplier for that company. For example, e-mail addresses, telephone numbers or names of train passengers who participated in a satisfaction survey may have been leaked.

  "Depending on the study in which the customer participated, this may concern personal data such as name, e-mail address and telephone number. It does not concern financial data or passwords," the NS said.

• Data stolen from Florida sheriff’s office leaked by LockBit ransomware group [Ed: Microsoft Windows TCO]

  The LockBit ransomware group has leaked data it stole from Washington County Sheriff’s Office in northeastern Florida.

• Hackers compromise 3CX desktop app in a supply chain attack [Ed: Proprietary dumpster fire]

• CA: Video captures thief stealing hundreds of medical records from Sherman Oaks dental office

  Security video captures a thief breaking into a Sherman Oaks dental office and stealing hundreds of files containing patients’ personal information on Thursday.

  The break-in happened at Riverside Dental located on the 12900 block of Riverside Drive just after 3 a.m.

  Surveillance cameras captured the thief entering the office through a broken back window. As he finds the room where medical records are stored on a shelf, he’s seen quickly grabbing large piles of folders and stuffing them into a bag.

• Students’ bank accounts hacked because of ticketing software breach

  Almost a month after attending a concert at Cornell University featuring Beach Bunny — a popular alternative rock band — on Jan. 28, several Ithaca College students’ credit and debit card information was breached and varying amounts of money were stolen.

  On Feb. 24, Information Technology at Cornell University released a security alert informing students that Cornell’s ticketing software partner and vendor, AudienceView, experienced a platform breach that affected ticket buyers beginning in February and some buyers are still losing money because of the breach.

• Hospitals owned by Universal Health Services start filing breach reports about Adelanto HealthCare Ventures breach in 2021

  Happening now: A number of hospitals are filing breach notices this week that appear to be linked to a breach at Adelanto HealthCare Ventures (AHCV) in 2021. The hospitals are all owned by Universal Health Services LLC (UHS).

• Data of 2 million Dutch people leaked, software supplier taken to court

• Nine months after ransomware attack, Atlantic Dialysis Management Services notifies patients and regulators

  In August 2022, DataBreaches reported a ransomware attack on Atlantic Dialysis Management Services (ADMS) by Snatch Team. DataBreaches first learned of the breach in June 2022, when Snatch Team named ADMS on their leak site. Between then and August 16, when DataBreaches reported on the incident, ADMS ignored requests from this site for information about their response to the attack. Even after Snatch Team started leaking data and DataBreaches contacted ADMS again, they did not reply. DataBreaches’ reporting in August 2022 included examples of what had been leaked by then and questioned some of the claims ADMS made in their press release of August 5. DataBreaches reported, in part: