Security Leftovers

posted by Roy Schestowitz on Apr 08, 2023

• Security updates for Friday [LWN.net]

  Security updates have been issued by Mageia (ldb/samba, libapreq2, opencontainers-runc, peazip, python-cairosvg, stellarium, and zstd), Oracle (httpd and mod_http2, kernel, and nss), SUSE (conmon, go1.19, go1.20, libgit2, openssl-1_1, and openvswitch), and Ubuntu (emacs24).

• Culbertson Memorial Hospital hit by cyber-attack

  Culbertson Memorial Hospital officials reported Friday the hospital had been the victim of a cyber-attack last week.

  Officials stated they discovered a network disruption at 3 a.m. March 30 that required information systems to be taken offline.

  “This action disabled access to most functions while we investigated the activity,” Culbertson CEO Gregg Snyder said in a statement released Friday afternoon. “We immediately retained third-party specialists to assist us with our investigation.”

• Suspected hacker 'a soldier'

  A hacker who claimed to have obtained the personal data of 55 million Thais is an army officer who appears to have acted alone, authorities said yesterday.

  Chaiwut Thanakamanusorn, minister of Digital Economy and Society, and Pol Lt Gen Worawat Watnakhonbancha, chief of the Cyber Crime Investigation Bureau (CCIB), held a press conference yesterday amid reports that the suspect and his wife had been detained.

• MSI Confirms Cyberattack, Advises Caution With Firmware

  Gaming hardware manufacturer MSI confirmed today that it was the victim of a cyberattack. In a brief statement on its website, the company said that the attack hit "part of its information systems," which have since returned to regular operations.

  The company advises its customers only to get BIOS and firmware updates from the MSI website and no other sources. It's light on details, saying that after "detecting network anomalies," MSI implemented "defense mechanisms and carried out recovery measures," and then informed the the government and law enforcement.

• Proskauer Cyber Attack Left Sensitive Client Data Unguarded

  A data breach at Proskauer Rose exposed client data, including sensitive legal and financial information, the law firm confirmed Friday.

  “Our tech security team recently learned that an outside vendor that we retained to create an information portal on a third-party cloud-based storage platform had not properly secured it,” Joanne Southern, a Proskauer spokeswoman, said via email.

  The breach, which the firm called the result of a cyber attack, was first reported by TechCrunch. Data containing financial and legal documents, contracts, non-disclosure agreements and financial deals were released in the leak, according to the report.

• Aspire Public Schools reveals 2022 breach; Rochester Public Schools dealing with current attack

  Aspire Public Schools in California submitted notifications to at least two state attorneys general. According to its notification, Aspire learned that an unauthorized party gained access to one Aspire email account...

• A Visual Journey Through Computer Setups Revealed by Recent Cybercrime Raids - realhackhistory

  First an admission by me, I’m not a hardware nerd. I know my way around PCs, can swap out parts as needed and can tell a MacBook from a Chrome Book but if you are expecting an exacting breakdown of the computers or tech we’re going to be looking at here you may be disappointed.

  Now that that’s out of the way, I’m fascinated by seeing the behind the scenes of big cybercrime operations, and especially interested in seeing the work spaces of the people involved and the equipment they are working with. Most of these people raided seem to be working from home, and sometimes sharing a living space with other gang member suspects.

• 7×7 Dental Implant & Oral Surgery alleged victim of Abyss ransomware group

  A leak site called “Abyss” recently added 7×7 Dental Implant & Oral Surgery Specialists of San Francisco (7×7) to their site and claimed to have 114 GB of the dental practice’s files. A file tree showing 2,891 directories and 63,557 files was posted as proof of claim.

  Some of the filenames suggest business-related internal documents, while others are likely employee-related files. The bulk of the files appears to be patient-related. Most of these are image files in .jpg or .dcm format. Some .pdf files appear to be referral letters or reports.

• Sentiment recovers $870K after negotiations with hacker

  Lending protocol Sentiment has managed to recover the stolen funds from the recent hack by offering the hacker a bounty worth $95,000.

  In an on-chain transaction on the Arbitrum blockchain, Sentiment sent a message to the hacker offering $95,000 if the hacker returned the funds by April 6, urging the hacker to “do the right thing.“ If the hacker did not return the funds, the protocol also offered the money to anyone who could help find and prosecute the culprit.