Security, Microsoft Windows, and Canonical Promoting Microsoft
Security
-
Security updates for Wednesday [LWN.net]
Security updates have been issued by Debian (ffmpeg, owslib, php7.4, and php8.2), Fedora (ntp-refclock, php, and python3.7), Red Hat (c-ares, firefox, and thunderbird), SUSE (kernel, openldap2, and tomcat), and Ubuntu (binutils, dotnet6, dotnet7, node-fetch, and python-tornado).
-
The reincarnation of BreachForums: A cyberdrama in three acts
BreachForums has been reincarnated. But as with all things related to BreachForums, its reincarnation has been accompanied by all kinds of drama.
-
Big Law, Big Problems: Fox Rothschild LLP Employees Face Serious Allegations of Malpractice and Criminal Activity
The following is a law firm-generated press release about a case they have filed. Keeping in mind that a complaint is allegations that have yet to be proven or disproven, DataBreaches has included this item on this site because if true, it would be a case of insider-wrongdoing via misuse of a client’s information.
-
VMware ESXi Zero-Day Used by Chinese Espionage Actor to Perform Privileged Guest Operations on Compromised Hypervisors
As Endpoint Detection and Response (EDR) solutions improve malware detection efficacy on Windows and Linux systems, certain state-sponsored threat actors have shifted to developing and deploying malware on systems that do not generally support EDR such as network appliances, SAN arrays, and VMware ESXi hosts.
Windows TCO
-
Microsoft identifies new hacking unit within Russian military intelligence [Ed: Microsoft puts back doors in everything. It must not be quoted on security issues. It's trying to deflect (to nations) after its own holes do much damage.]
Dubbed "Cadet Blizzard," the hacking group carried out operations targeting Ukrainian infrastructure in the run-up to the Russian invasion.
-
Microsoft Outs New Russian APT Linked to Wiper Attacks in Ukraine [Ed: Microsoft is the culprit, not the expert or the solution. Delete Microsoft.]
Microsoft is publicly exposing a Russian hacking group that worked on destructive wiper malware attacks that hit organizations in Ukraine.
-
Understanding Ransomware Threat Actors: LockBit [Ed: Microsoft TCO]
In 2022, LockBit was the most deployed ransomware variant across the world and continues to be prolific in 2023. Since January 2020, affiliates using LockBit have attacked organizations of varying sizes across an array of critical infrastructure sectors, including financial services, food and agriculture, education, energy, government and emergency services, healthcare, manufacturing, and transportation. LockBit ransomware operation functions as a Ransomware-as-a-Service (RaaS) model where affiliates are recruited to conduct ransomware attacks using LockBit ransomware tools and infrastructure. Due to the large number of unconnected affiliates in the operation, LockBit ransomware attacks vary significantly in observed tactics, techniques, and procedures (TTPs). This variance in observed ransomware TTPs presents a notable challenge for organizations working to maintain network security and protect against a ransomware threat.
-
Understanding Ransomware Threat Actors: LockBit
The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), the Multi-State Information Sharing and Analysis Center (MS-ISAC), and the following international partners, hereafter referred to as “authoring organizations,” are releasing this Cybersecurity Advisory (CSA) detailing observed activity in LockBit ransomware incidents and providing recommended mitigations to enable network defenders to proactively improve their organization’s defenses against this ransomware operation.
-
An Illinois hospital is the first health care facility to link its closing to a ransomware attack
Suzanne Stahl, the chair of SMP Health, the hospital’s parent organization, said last month that the hospital was planning to close this year. “Due to a number of factors, such as the Covid-19 pandemic, the cyberattack on the computer system of St. Margaret’s Health, and a shortage of staff, it has become impossible to sustain our ministry,” she said in a Facebook video.
-
Section 702 data helped take down Colonial Pipeline hacker, Biden administration says
According to Biden administration officials who briefed reporters ahead of that hearing on condition of anonymity, Section 702 of the Foreign Intelligence Surveillance Act allowed the U.S. government to recover the majority of the $4.4 million ransom paid by Colonial Pipeline to the hackers. In another example newly made public, Section 702 data helped the U.S. government to identify and mitigate a 2022 Iranian ransomware attack against a nonprofit, allowing the organization to recover without paying the ransom.
-
[Repeat] Rhysida claims to have attacked Paris High School in Illinois
Schools continue to be an attractive and all-too-easy target for criminal groups. This week, Rhysida threat actors added Paris High School in Illinois to their leak site as an “auction” item: [...]
-
Cyberattack is a factor in Illinois hospital’s closure
The 2021 cyberattack on St. Margaret’s Health, a hospital in Spring Valley, Illinois, hobbled computer systems for months and prevented it from filing insurance claims, Linda Burt, a hospital vice president, told CNN on Monday.
“It took months after we went back online to catch up with billing,” Burt said in an email. Other factors in the hospital’s closure were staffing costs brought on by the coronavirus pandemic and supply chain and inflation issues, she said.
-
"Microsoft had already loaded Sony's gun" | 10 Years Ago This Month
Microsoft was coming off a disastrous reveal event for the Xbox One in which it marketed its next-gen gaming console with things that weren't games: specifically, television, sports, and… Skype?
[...]
I've never seen a company trash-talked so hard they had an existential crisis before.
-
Ubuntu Blog: How we improved testing Ubuntu on WSL – and how you can too! [Ed: Canonical is again pushing Microsoft Windows, proprietary spyware (this was Microsoft's idea; Canonical is just doing what Microsoft tells it to do)]
As the popularity of Windows Subsystem for Linux increases, the Ubuntu development team is committed to delivering a first class experience for Linux developers on Windows. To achieve this we’ve made improvements to our automated testing workflows via the creation of WSL-specific GitHub actions. In this post, Ubuntu WSL engineer Eduard Gómez Escandell talks us through the motivation for this approach and how you can implement these actions for your own CI workflows.
The importance of testing can never be overstated. When you develop a product, the last thing you want is to spend valuable time playing whack-a-mole with bugs or having your inbox flooded by issues asking for help. This importance is not lost on Ubuntu developers, where all packages must pass their test suite before having patches accepted.