Security Leftovers

posted by Roy Schestowitz on Apr 01, 2023

• New Wi-Fi Protocol Security Flaw Affecting Linux, Android and iOS Devices

  A group of academics from Northeastern University and KU Leuven has disclosed a fundamental design flaw in the IEEE 802.11 Wi-Fi protocol standard, impacting a wide range of devices running Linux, FreeBSD, Android, and iOS.

• Chinese RedGolf Group Targeting Windows and Linux Systems with KEYPLUG Backdoor [Ed: Windows has bug doors for the NSA; in this case, the problem isn't Linux but very long-unpatched systems (2021)]

• Security updates for Friday [LWN.net]

  Security updates have been issued by Debian (joblib, json-smart, libmicrohttpd, and xrdp), Fedora (thunderbird and xorg-x11-server-Xwayland), Mageia (dino, perl-Cpanel-JSON-XS, perl-Net-Server, snort, tigervnc/x11-server, and xapian), SUSE (curl, kernel, openssl-1_0_0, and shim), and Ubuntu (glusterfs, linux-gcp-4.15, musl, and xcftools).

• Tracking the Adelanto Healthcare Ventures breach on DataBreaches.net

  At the present time, we do not know numbers affected for each hospital or in total, but that data will also be added to the post as that information becomes available.

• 3CX knew its app was flagged as malicious but took no action for 7 days | Ars Technica

  The support team for 3CX, the VoIP/PBX software provider with more than 600,000 customers and 12 million daily users, was aware its desktop app was being flagged as malware but decided to take no action for a week when it learned it was on the receiving end of a massive supply chain attack, a thread on the company’s community forum shows.

• US commits $25 million to Costa Rica for Conti ransomware recovery [Ed: Microsoft Windows TCO]

  The U.S. government is sending $25 million to the government of Costa Rica to help the country recover from a devastating ransomware attack last year that crippled several key agencies.

  In May 2022, Costa Rica’s newly elected president Rodrigo Chaves declared a state of emergency after the now-defunct Conti ransomware group severely damaged the Ministry of Finance, the Ministry of Public Works and Transport and the Costa Rican Social Security Fund. The gang posted messages openly calling for the overthrow of the government before demanding a $20 million ransom.

• GMH under review for potential HIPAA breach

  The unauthorized access into Guam Memorial Hospital's network is undergoing a detailed review for a possible Health Insurance Portability and Accountability Act or HIPAA breach.

  The information came to light during the public hospital's monthly board meeting Wednesday.

  GMH legal counsel Jeremiah Luther maintains that no patient or employee records were compromised, saying they got lucky.

• ES: Secondary education center hit by Stormous

  After several months out of the public eye, the pro-Russian Stormous Ransomware group reappeared in February. Now they have claimed an attack on a secondary education center, the Instituto De Educación Secundaria Ies Emilio Canalejo Olmeda (IESCO) in Cordoba, Spain.

• Attacked by Vice Society earlier this month, Lewis & Clark finds files with personal information have now been leaked

  It appears that Lewis & Clark in Oregon has been the victim of a ransomware attack by Vice Society.

• Florida city water cyber incident allegedly caused by employee error

  In 2021, news broke of a cyberattack at the Oldsmar, Florida, water treatment plant, an event that sparked fears about the cyber vulnerabilities of critical infrastructure.

  At the time, reports suggested that a worker at the plant saw his computer being remotely accessed and controlled. His mouse moved to open functions to control water treatment protocols, and then the amount of sodium hydroxide, or lye, in the water was changed from about 100 parts per million to 11,100 parts per million. The operator immediately reduced the chemical to the proper level and alerted a supervisor.

  The alleged hack, which gained worldwide publicity from subsequent press conferences given by Pinellas County Sheriff Bob Gualtieri and other leading officials, prompted an investigation led by the FBI and the U.S. Secret Service, as well as a joint federal advisory warning water treatment facility operators of the dangers they faced from hackers and urging them to upgrade their security systems.

  [...]

  Braithwaite said that the various investigations spawned by the incident, including one by the Florida Office of Information Technology, were particularly critical of the staff in Oldsmar, which he said runs its water treatment facility on a network made up of five computers and a couple of iPads.

• Consumer lender TMX discloses data breach impacting 4.8 million people

  TMX Finance and its subsidiaries TitleMax, TitleBucks, and InstaLoan have collectively disclosed a data breach that exposed the personal data of 4,822,580 customers.

  TMX is a public financial service that operates equities, fixed income, derivatives, and energy markets exchanges, with a business presence in the United States, Canada, the U.K., Australia, and China.

• “A crucial learning experience.” – ICO calls for highest standards in HIV services after NHS Highland reprimand

  The Information Commissioner’s Office (ICO) has issued a reprimand to NHS Highland for a “serious breach of trust” after a data breach involving those likely to be accessing HIV services.

  The ICO has called for serious improvements to data protection safeguards amongst HIV service providers, stating that there is “simply no excuse”, and that “the stakes are just too high” given the impact on people’s lives.

  A formal reprimand has been issued to NHS Highland, which emailed 37 people likely to be accessing HIV services, inadvertently using CC (carbon copy) instead of BCC (blind carbon copy). The error meant recipients of the email could see the personal email addresses of other people receiving the email, with one person confirming they recognised four other individuals, one of whom was a previous sexual partner.