Security Leftovers
-
Chinese Hackers Exploit VMware Zero-Day to Backdoor Windows and Linux Systems [Ed: The issue here is proprietary software with bug doors, not "China" or "Linux"]
-
Chinese hackers use DNS-over-HTTPS for Linux malware communication [Ed: DNS-over-HTTPS was never about security but about outsourcing people's DNS lookups worldwide to surveillance companies like ClownFlare in the United States]
-
Security updates for Thursday [LWN.net]
Security updates have been issued by Debian (webkit2gtk), Fedora (python-django-filter and qt), Mageia (cups, firefox/nss, httpie, thunderbird, and webkit2), Red Hat (.NET 6.0, .NET 7.0, c-ares, firefox, jenkins and jenkins-2-plugins, nodejs, nodejs:18, python3, python3.11, python3.9, and thunderbird), Scientific Linux (firefox and thunderbird), SUSE (frr, opensc, python3, and rekor), and Ubuntu (c-ares, glib2.0, libcap2, linux-intel-iotg-5.15, pano13, and requests).
-
EXCLUSIVE – City of Augusta, GA: this is perhaps one of the largest government data thefts in recent years in U.S. [Ed: Microsoft TCO]
We recall that a total of 34,004 documents were stolen from the city’s servers, in addition to several hundreds of e-mails present in the e-mail accounts of 12 employees of the Municipality and those present in the 6 Outlook backups.
-
Court unseals long-awaited election security reports [Ed: Windows does not belong in voting machines, ever]
Another report by research nonprofit MITRE — which Dominion Voting Systems brought on to evaluate the Halderman report — downplayed the seriousness of the vulnerabilities, concluding that they were “operationally infeasible.”
-
State governments among victims of MOVEit Transfer breach [Ed: Windows TCO]
Illinois, Minnesota and Missouri state governments are among a growing list of organizations attacked via a critical flaw in Progress Software’s MOVEit Transfer product.
Progress Software on May 31 detailed an SQL injection bug in its managed file transfer (MFT) software MOVEit Transfer. Progress urged customers to immediately apply mitigations for the vulnerability, tracked as CVE-2023-34362, while it worked on a patch, which was released later that day. But as security vendors reported soon after, the critical bug was already under active exploitation in the wild.
A wave of organizations have disclosed data breaches in the wake of CVE-2023-34362 coming to light.
-
Russian National Arrested and Charged with Conspiring to Commit LockBit Ransomware Attacks Against U.S. and Foreign Businesses [Ed: Instead of going after Microsoft for the back doors they go after someone who may have taken advantage of these because of the nationality]
The Justice Department today announced charges against a Russian national for his involvement in deploying numerous LockBit ransomware and other cyberattacks against victim computer systems in the United States, Asia, Europe, and Africa.
-
Google claims it caught China government hackers red-handed breaking into hundreds of networks around the world [Ed: The problem here is Microsoft, not China]
“This is the broadest cyber espionage campaign known to be conducted by a China-nexus threat actor since the mass exploitation of Microsoft Exchange in early 2021,” Charles Carmakal, Mandiant’s chief technical officer, said in an emailed statement. That hack compromised tens of thousands of computers globally.
-
Snooping in Medical Records by Hospital Security Guards Leads to $240,000 HIPAA Settlement
In May 2018, OCR initiated an investigation of Yakima Valley Memorial Hospital following the receipt of a breach notification report, stating that 23 security guards working in the hospital’s emergency department used their login credentials to access patient medical records maintained in Yakima Valley Memorial Hospital’s electronic medical record system without a job-related purpose. The information accessed included names, dates of birth, medical record numbers, addresses, certain notes related to treatment, and insurance information.