Security Leftovers

posted by Roy Schestowitz on May 24, 2023,
updated May 24, 2023

• Security updates for Tuesday [LWN.net]

  Security updates have been issued by Debian (node-nth-check), Mageia (mariadb and python-reportlab), Slackware (c-ares), SUSE (geoipupdate and qt6-svg), and Ubuntu (linux, linux-aws, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-gke, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-bluefield, linux-gcp, linux-hwe, linux-raspi2, linux-snapdragon, and linux-gcp, linux-hwe-5.19).

• IT employee impersonates ransomware gang to extort employer

  A 28-year-old United Kingdom man from Fleetwood, Hertfordshire, has been convicted of unauthorized computer access with criminal intent and blackmailing his employer.

  A press release published yesterday by the South East Regional Organised Crime Unit (SEROCU) explains that in February 2018, the convicted man, Ashley Liles, worked as an IT Security Analyst at an Oxford-based company that suffered a ransomware attack.

• After ransomware attack, state’s second-largest health insurer says patient data stolen

  Point32Health says current and former members of Harvard Pilgrim Health Care may have been affected

• Update: NCB Management Services breach affected more than 1 million, but how many more? (1)

  On April 11, DataBreaches reported that a breach involving NCB Management had affected 494,969 Bank of America customers with past-due credit card accounts. At first glance, it appeared that the Pennsylvania collections firm had reported the breach to the Maine Attorney General’s Office, but closer attention revealed that it was Bank of America’s external counsel who had notified Maine. And after reviewing the sample letter to consumers more, DataBreaches began to suspect that Bank of America had written the letter that went out over NCB’s unsigned signature. The more DataBreaches looked at the situation and letter, the more questions it raised about whether the half a million Bank of America customers were only a subset of a much larger pool of breach victims, and whether this had been a hack where NCB paid some ransom to get “assurances.”

• CO: SECOP II platform affected by “presumed hacking”

  The SECOP II platform is a transactional platform with accounts for state entities and contractors used for submitting, evaluating, and awarding contracts. On May 3, La Agencia Nacional de Contratación Pública – Colombia Compra Eficiente reported a cyberattack on its SECOP II platform.

  [...]

  Clarin reported that a letter the agency sent its employees called it a ransomware attack. “Now, to release the systems, the hackers would be demanding no more and no less than a sum of 2.5 million dollars,” the agency wrote.

• Insurance Information Bureau Of India Hit by Ransomware Attack: Russian Hackers Demand $250,000 As Ransom

  In a shocking turn of events, the Insurance Information Bureau of India (IIB) fell victim to a ransomware attack on April 2, 2023. The attack left nearly 30 server systems encrypted, rendering the agency’s data inaccessible.

  Initially, IIB officials chose to keep the attack under wraps. However, as the severity of the situation became apparent, they eventually filed a complaint with the Cyberabad police. The investigation conducted by the police has identified the hackers responsible for the attack as a group from Russia.

Windows TCO:

• After ransomware attack, state’s second-largest health insurer says patient data stolen

  The parent company of Tufts Health Plan and Harvard Pilgrim Health Care said on Tuesday that cyber criminals had likely copied and taken data from Harvard Pilgrim’s systems between March 28 and April 17, and that it has begun to notify subscribers their information may have been compromised.