Security Leftovers
-
Security updates for Thursday [LWN.net]
Security updates have been issued by Debian (chromium and libapache2-mod-auth-openidc), Fedora (clevis-pin-tpm2, greetd, keyring-ima-signer, libkrun, mirrorlist-server, nispor, nmstate, qt5-qtbase, rust-afterburn, rust-below, rust-bodhi-cli, rust-cargo-c, rust-coreos-installer, rust-fedora-update-feedback, rust-git-delta, rust-gst-plugin-reqwest, rust-pore, rust-rpm-sequoia, rust-sequoia-octopus-librnp, rust-sequoia-policy-config, rust-sequoia-sq, rust-sevctl, rust-tealdeer, and rust-ybaas), Oracle (apr-util, curl, emacs, firefox, kernel, libreswan, mysql, nodejs and nodejs-nodemon, openssh, thunderbird, and webkit2gtk3), Red Hat (apr-util, emacs, firefox, git, jenkins and jenkins-2-plugins, kernel, kpatch-patch, and thunderbird), Scientific Linux (apr-util, firefox, and thunderbird), Slackware (curl), SUSE (cups-filters, curl, java-1_8_0-openjdk, kernel, mysql-connector-java, and ovmf), and Ubuntu (cups-filters, git, linux-gcp-4.15, linux-oracle, linux-raspi, node-minimatch, ruby2.3, ruby2.5, ruby2.7, and runc).
-
A different kind of ransomware demand: Donate to charity to get your data back
A new and increasingly active ransomware group that’s attacked nearly 200 organizations in less than two months has a different spin on its extortion efforts: Don’t pay us, pay a charity.
So far, this unnamed group that is at least publicly claiming to be driven by anti-capitalist sentiment and its own brand of cyber benevolence is largely targeting users of Zimbra, an online workplace collaboration tool.
“Unlike traditional ransomware groups, we’re not asking you to send us money,” read the text of one ransom note posted April 2 on an online forum for Zimbra users. “We just dislike corporations and economic inequality. We simply ask that you make a donation to a non-profit that we approve of. It’s a win-win, you can probably get a tax deduction and good PR from your donation if you want.”
The group is using ransomware dubbed MalasLocker by Bleeping Computer, the tech news site that also hosts forums where users began reporting in April that Zimbra had suffered a series of compromises. Separately, users of a dedicated Zimbra forum began complaining about ransomware issues beginning in late March, Bleeping Computer reported.
-
‘Fraud is fun’: Teen hacker charged with breaking into DraftKings accounts leading to theft of $600,000
A boastful teenage hacker has been charged with orchestrating a break-in to the sports betting website DraftKings, which led to $600,000 being drained from hundreds of customer accounts.
Joseph Garrison, 18, of Madison, Wis., is accused of using stolen log-in and password combinations he bought on the dark web to hack his way into 60,000 accounts on DraftKings last November. He then sold the information to others who used it to drain 1,600 customer accounts, federal prosecutors in Manhattan said.
-
Several Louisiana agencies crippled by network outage
Multiple Louisiana state agencies are experiencing a statewide network outage which is causing issues at their field offices across the state.
The network outage has crippled state agencies including the Louisiana Office of Motor Vehicles, the Louisiana Department of Wildlife and Fisheries, the Department of Children and Family Services, and the Department of Health among a growing list of state offices and services.
-
Hacker attack on Asl Abruzzo, Guarantor: downloading data is a crime
-
Buckley King law firm hit by BlackBasta
Ransomware groups often promise to keep everything confidential if their victim pays them. They can’t do that if their chats are not secure and someone is able to shoulder-surf or otherwise get access to the negotiations and any files provided by the attackers as proof — or any bitcoin wallet addresses. If victims think or hope that they will be able to keep a breach under wraps and not have to tell anyone, they may be in for a rude awakening. DataBreaches does not know what the victim in this incident intended or intends, but the attack they experienced was publicly revealed by SuspectFile.
-
Indiana University exposes sensitive student data [Ed: Microsoft TCO and clown computing]
Each year, hundreds of institutions across the US and Canada ask their first-year, transfer, and older students to participate in a survey about their prior academic and co-curricular experiences. They also ask them to share their expectations from the coming year.
The survey isn’t anonymous – students are asked to enter their full names and student card numbers. What’s more, participants are asked to specify where they’re going to live during their studies, their sexual orientation, race, and ethnicity. Some of the questions are designed to learn about the psychological well-being of the students. [...] Our researchers stumbled upon two unprotected Azure Storage blobs with over 1.3 million exposed files.