Security Leftovers

posted by Roy Schestowitz on Apr 28, 2023

• Security updates for Thursday [LWN.net]

  Security updates have been issued by Fedora (chromium, perl-Alien-ProtoBuf, and redis), Oracle (kernel), SUSE (dmidecode, fwupd, libtpms, libxml2, openssl-ibmca, and webkit2gtk3), and Ubuntu (cloud-init, ghostscript, linux, linux-aws, linux-aws-5.15, linux-azure, linux-gke, linux-gke-5.15, linux-gkeop, linux-hwe-5.15, linux-ibm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-oracle, linux-oracle-5.15, linux, linux-aws, linux-azure, linux-gcp, linux-hwe-5.19, linux-ibm, linux-kvm, linux-lowlatency, linux-oracle, linux-raspi, and linux, linux-aws, linux-kvm, linux-lts-xenial).

• Cyberattack disrupts Lowell city government, shuts down computers - CBS Boston

  The city of Lowell is alerting residents to a cyberattack that impacted the municipality’s computer systems starting early on Monday.

  “We realized Monday morning around 3 to 5 a.m. that there was a breach,” said City Manager Tom Golden.

  Golden says that phones, emails and other city systems are down as a result.

• Aeries Settles Data Breach Lawsuit for $1.75M; Illuminate Suit is Dismissed – For Now -- THE Journal

  In a class-action lawsuit filed on behalf of students at San Dieguito Union High School District, a federal judge in March gave final approval to a settlement ordering Aeries Software to pay $1.75 million to members of the class, which includes nearly 100,000 former and current San Dieguito Union students whose PII was compromised in a November 2019 breach of Aeries databases.

  Last week, a proposed national class-action lawsuit filed against Illuminate Education over its January 2022 data breach was dismissed by the same court, the U.S. District Court Central District of California, Western Division. The judge dismissing the lawsuit against Illuminate — formed when civil suits filed last summer in New York and California were combined — wrote in his decision that the plaintiffs did not successful establish standing to sue or that actual harm was imminent, and the court gave the plaintiffs 21 days to amend the complaint and re-file.

• Ransomware attack reported in Spartanburg County, South Carolina

  “We recently detected and responded to a ransomware attack on our computer network. As soon as we learned this, we began working to investigate, to restore operations, and determine the effects of the incident. We are also working with nationally recognized third-party cybersecurity consultants. We continue to actively monitor the situation and are coordinating with law enforcement.

• NYSARC Columbia County Chapter confirms July, 2022 ransomware incident

  Nine months after detecting abnormal activity on their systems, and seven months after first publicly acknowledging a breach, NYSARC Columbia County has issued another press notice.

  Their newest notice is somewhat confusing in that it states that they “will issue notices to affected individuals and relevant state and federal agencies about the incident.” But then in the next paragraph, they state, “While COARC is unaware of any misuse of personal information, out of an abundance of caution, we notified the potentially affected individuals by mail.”

  So have they notified them already or will they first be notifying them?