Security Leftovers
-
Security updates for Wednesday [LWN.net]
Security updates have been issued by Debian (ghostscript and openimageio), Fedora (kernel, rubygem-actioncable, rubygem-actionmailbox, rubygem-actionmailer, rubygem-actionpack, rubygem-actiontext, rubygem-actionview, rubygem-activejob, rubygem-activemodel, rubygem-activerecord, rubygem-activestorage, rubygem-activesupport, rubygem-rails, and rubygem-railties), Oracle (gnutls, httpd, kernel, nodejs:16, nodejs:18, pesign, postgresql:13, tigervnc, and tigervnc, xorg-x11-server), Red Hat (gnutls, httpd, httpd:2.4, kernel, kpatch-patch, pcs, pesign, postgresql:13, tigervnc, and tigervnc, xorg-x11-server), Scientific Linux (httpd and tigervnc, xorg-x11-server), SUSE (aws-efs-utils.11048, libheif, liblouis, openssl, python-cryptography, python-Werkzeug, skopeo, tomcat, and wireshark), and Ubuntu (imagemagick, ipmitool, and node-trim-newlines).
-
2023-03-30 [Older] Ruby 2.7.8 Released
-
2023-03-30 [Older] Ruby 3.0.6 Released
-
2023-03-30 [Older] Ruby 3.1.4 Released
-
HIPAA Data Breach Costs Company Nearly $300,000 In DOJ False Claims Act Settlement
-
17 arrests in NL as Operation Cookiemonster takes down hacker site
Seventeen people have been arrested in the Netherlands as part of a global investigation into a hacker market place named Genesis Market which was offering over two million identities for sale. In the Netherlands itself, tens of thousands of people were in ‘acute danger’ of being targeted, Dutch police said. The operation, described as an ‘unprecedented law enforcement operation’ by European police agency Europol, was led by the FBI and Dutch national force. Operation Cookiemonster led to hundreds of raids in 17 different countries and 119 arrests. Those arrested in the Netherlands were involved in plundering bank accounts, stealing crypto currencies, hijacking people’s online identities and blackmailing companies and private individuals.
-
Japan braced for rise in ransomware attacks after data breach
A hacking attack at Japan’s largest IT company is spilling across the country’s corporate sector, with cyber security experts warning that it could trigger a surge in attempts by organised criminal gangs to extort hefty ransoms from companies and their customers.
More than 10 Japanese companies have said in the past month that they have been affected by the hacking at Fujitsu, which supplies internet infrastructure to thousands of companies. The attack took place last year and allowed outside access to emails sent through a Fujitsu-based email system.
-
Criminal Marketplace Disrupted in International Cyber Operation
The Justice Department announced today a coordinated international operation against Genesis Market, a criminal online marketplace that advertised and sold packages of account access credentials – such as usernames and passwords for email, bank accounts, and social media – that had been stolen from malware-infected computers around the world.
-
Illinois’s Olympia CUSD 16 hit by LockBit3.0 [Ed: Microsoft Windows TCO]
LockBit3.0 claims to have hit the Olympia CUSD 16 in Illinois. So far, they have posted 4 files as proof, one of which appears to be a screencap of a directory of folders that might relate to Olympia North, Olympia South, and students, and another file with employee health-related information.
-
Noteboom – The Law Firm hit by BlackCat
BlackCat claimed that they had exfiltrated sensitive data such as NDAs, documents from open cases, medical records involved in litigation, and employees’ sensitive data.
-
Seized Genesis Market Data is Now Searchable in Have I Been Pwned, Courtesy of the FBI and "Operation Cookie Monster"
A quick summary first before the details: This week, the FBI in cooperation with international law enforcement partners took down a notorious marketplace trading in stolen identity data in an effort they've named "Operation Cookie Monster". They've provided millions of impacted email addresses and passwords to Have I Been Pwned (HIBP) so that victims of the incident can discover if they have been exposed. This breach has been flagged as "sensitive" which means it is not publicly searchable, rather you must demonstrate you control the email address being searched before the results are shown. This can be done via the free notification service on HIBP and involves you entering the email address then clicking on the link sent to your inbox. Specific guidance prepared by the FBI in conjunction with the Dutch police on further steps you can take to protect yourself is detailed at the end of this blog post on the gold background. That's the short version, here's the whole story:
-
How to Perform a Vulnerability Scan: 4 Steps
Network vulnerability scanning is the process of pinpointing weaknesses and vulnerabilities across a network, including evaluating network assets like computers and other devices — any potential target that could be exploited by threat actors should be included in these scans.
-
How to Perform a Firewall Audit: 6 Steps
A firewall audit is a multistep process that gives organizations insight into the status and effectiveness of the firewalls installed throughout their network. These audits provide visibility into potential vulnerabilities and the health of connections going to and from firewalls. They also uncover information about firewall changes since the last audit.