Security Leftovers
-
Kabarak University ICT Manager suspended after uni’s Facebook account was hijacked
Kabarak University has announced the way forward after its Facebook account was seized by a group of cyber criminals that has been using the same to spread malicious and misleading images and content that contravenes the institution’s Christian values.
A statement released by the university’s Vice Chancellor, Prof. Henry Kiplangat, assured all stakeholders that all necessary measures have been taken to regain control of the page and prevent any further unauthorized access.
-
Murfreesboro Medical Clinic reopens some, but not all, services. Attack appears to be work of BianLian.
On April 22, the Murfreesboro Medical Clinic in Tennessee suffered a ransomware attack that resulted in them having to shut down all operations on May 1-3 to limit the spread of the attack. The clinic’s statement was previously reported on DataBreaches.net.
-
Avos Locker starts leaking student data from Bluefield College; claims to still have access
The situation with the ransomware attack on Bluefield University continues to escalate. The attack by Avos Locker occurred on April 30. On May 1, the attackers used the college’s RAMAlert emergency system to blast messages to all students informing them of the breach and threatening to leak their data if the college didn’t pay them. Avos added to the pressure by posting a sample of student files with personal information on their leak site. The sample appeared to contain more than two dozen student records from 2018 and 2019. DataBreaches verified a sample of the records and confirmed by a Google search that people with those names lived in the West Virginia and Virginia areas. DataBreaches did not attempt to contact the former students directly at this time.
-
Roskomnadzor’s structure was fined for improperly divulging employee information
The Main Radio Frequency Center under Roskomnadzor was fined for leaking employee data, according to the records in the Justice of the Peace file cabinet No. 456. A notice regarding the judgment “on the imposition of an administrative penalty” appeared in the file cabinet on May 2, but the substance of the decision has not been released.
The Belarusian hacker group “Cyberpartisans” accessed the GRFC network in the autumn of last year, according to a Telegram message. They claimed to be able to access employees’ work computers and damage the GRFC infrastructure.
-
Episode 374 – The event we called left-pad, Episode 77 remaster part 1
Josh and Kurt revisit Episode 77, which was named “npm and the supply chain” but was a discussion about the incident we all know now as “leftpad”. We didn’t understand what was happening at the time, but this would become an event we talk about for years to come. It’s shocking how many of the things we discuss are still completely valid five years later.
-
Thorsten Alteholz: My Debian Activities in April 2023
FTP master
This month I accepted 103 and rejected 11 packages. The overall number of packages that got accepted was 103.
Debian LTS
This was my hundred-sixth month that I did some work for the Debian LTS initiative, started by Raphael Hertzog at Freexian.
This month my all in all workload has been 14h.
During that time I uploaded: [...]
-
TikTok has some worrying security flaws that could leave your activity open to anyone
Cybersecurity researchers from Imperva have uncovered a flaw in the popular social media app TikTok which could have allowed threat actors to exfiltrate sensitive data from victim devices to be used in identity theft attacks, phishing, or for blackmail.
-
Cyberattacks increase exploitation of trust in Microsoft, Adobe: report
“Scammers are sending out Microsoft OneNote files as email attachments to victims. When someone opens the attachment, it triggers the download of malware onto a device. Avast has spotted malware such as Qbot and Raccoon using this distribution technique to steal information, and has also observed IcedID, a banking Trojan, using OneNote attachments to steal money. During Q1 of 2023, Avast protected more than 47,000 global customers, including 940 in Australia, from these types of attacks,” the security firm further warns.
“In some cases, Avast researchers also observed cybercriminals exploit Adobe Acrobat Sign by adding malicious links into documents that are sent from legitimate Adobe email addresses. These links prompt victims to download .ZIP files, which contain a variant of the Redline Trojan that can steal passwords, crypto wallets, and more.”