Security Leftovers
-
Security updates for Friday
Security updates have been issued by Debian (jupyter-core, openssl, and ruby2.5), Fedora (firefox), Mageia (libreoffice, openssl, and python-flask), Red Hat (python and python3), Slackware (mozilla, php8, and python3), SUSE (java-1_8_0-ibm, libcares2, mariadb, and python36), and Ubuntu (linux, linux-aws, linux-kvm, linux-lts-xenial, linux-gke, linux-intel-iotg, linux-raspi, linux-xilinx-zynqmp, and mozjs102).
-
University of Manchester trying to resolve "cyber incident" [Ed: Likely Windows TCO]
The University of Manchester has confirmed experts are working to resolve a “cyber incident”.
On Friday morning, the institution said some of its data had been accessed by an “unauthorised party” and data have “likely been copied”.
The uni said it was working with a number of organisations including the Information Commissioner’s Office, National Cyber Security Centre and National Crime Agency.
-
Hackers Follow Through with Dark Web Threat After Law Firm Rejects Ransom: Enjoy! [Ed: Likely Windows TCO]
A hacking group claiming to be Russian-linked cybercriminals has published sensitive data from one of Australia’s largest law firms, HWL Ebsworth, after the firm refused to pay their ransom demands. The AlphV ransomware gang, also known as BlackCat, announced on the dark web that it had released 1.45 terabytes of data allegedly stolen from HWL Ebsworth in late April. The group claims to have financial and insurance data, credit card information, agreements, and reports. The firm is investigating the claim and has confirmed that it will not submit to the ransom demand.
The hack has caused concern for HWL Ebsworth’s clients, which include ANZ, the South Australian, Queensland, and ACT governments, the Environment and Human Services Department, and the Australian Taxation Office (ATO). The federal government has confirmed that it was a client of the law firm and may have been affected by the breach. The Home Affairs department has set up three “working groups” to respond to the hack, including a specialist legal team and a Sensitive Information Working Group to manage any information exposed in the breach related to vulnerable people, national security, and law enforcement matters.
-
Another hospital hit by ransomware: Columbus Regional Healthcare System in North Carolina hit by Daixin [Ed: Likely Windows TCO]
Columbus Regional Healthcare System (CRHS) is a non-profit organization in North Carolina licensed for 154 beds. The Daixin ransomware group claims that on May 18, they encrypted the hospital’s servers after exfiltrating data and deleting backups.
-
Intellihartx notifies 490,000 patients of Fortra/GoAnywhere breach
Intellihartx LLC in Tennessee is notifying 489,830 of its clients’ patients about the Fortra/GoAnywhere breach by Clop. The types of information that may have been compromised include name, address, medical billing and insurance information, certain medical information such as diagnoses and medication, and demographic information such as date of birth and Social Security number.
-
Russian Nationals Charged With Hacking One Cryptocurrency Exchange and Illicitly Operating Another
According to court documents, Alexey Bilyuchenko, 43, and Aleksandr Verner, 29, both Russian nationals, are charged with conspiring to launder approximately 647,000 bitcoins from their hack of Mt. Gox. Bilyuchenko is also charged with conspiring with Alexander Vinnik to operate BTC-e from 2011 to 2017.
-
Cyclops ransomware’s info stealer seeks Windows, Linux system compromise
Cyclops ransomware's info stealer, which, like the ransomware's macOS and Linux versions, is based on the Go programming language, facilitates the exfiltration of operating system details, computer names, and process counts, as well as .TXT, .PDF, .DOC, .XLS, .PNG, .JPG, and .JPEG files, which are then sent to a remote server, according to an Uptycs report.