Security and Windows TCO
-
Security updates for Friday [LWN.net]
Security updates have been issued by Debian (chromium, openjdk-17, and wireshark), Fedora (iniparser, mariadb, mingw-glib2, perl-HTML-StripScripts, php, python3.7, and syncthing), Oracle (.NET 6.0, c-ares, kernel, nodejs, and python3.9), Slackware (libX11), SUSE (amazon-ssm-agent and chromium), and Ubuntu (gsasl, libx11, and sssd).
-
SEC Delays Cybersecurity Rules
Earlier this week, the Securities and Exchange Commission (“SEC”) published an update to its rulemaking agenda indicating that it does not plan to approve two proposed cyber rules until at least October 2023 (the agenda’s timeframe is an estimate). The proposed rules in question address disclosure requirements regarding cybersecurity governance and cybersecurity incidents at publicly traded companies and registered investment advisers and funds.
-
Rural hospital cybersecurity protection bill moves forward
The Rural Hospital Cybersecurity Enhancement Act made it out of committee and will now head to the Senate floor.
The bipartisan legislation sponsored by Republican Sen. Josh Hawley and Democratic Sens. Josh Ossoff and Gary Peters would require the Cybersecurity and Infrastructure Agency to develop workforce recruitment and cybersecurity training materials for rural hospitals.
-
PRHC reaches $988K proposed settlement for patient privacy breaches in 2011-2012 - Peterborough | Globalnews.ca
A proposed settlement of $988,550 has been reached in a class-action lawsuit relating to patient health records being wrongfully accessed by former employees at the Peterborough Regional Health Centre more than a decade ago.
On Thursday the hospital announced the proposed settlement, noting a court hearing is scheduled on Aug. 30 at 8:30 a.m. to determine whether the settlement will be approved.
-
Detained for DDoS attacks as part of the next edition of the international “Power Off” operation
-
Oregon DMV, Louisiana OMV warn residents of MOVEit data breach
Under Oregon law, some driver information is actually a public record — like an Oregonian’s name, address, phone number, and driver’s record. And under Oregon law, the state can, and actually does, sell that information to certain types of entities. So could criminals set up a fake private investigation service to buy data from the state that could be used in conjunction with the data that has been hacked? Yes, and hopefully the states will be extra diligent about checking the credentials of any entities that apply to purchase public records data, but even without that data, this is a breach where data may be misused.
-
A Russian ransomware gang breaches the Energy Department and other federal agencies
The Department of Energy and several other federal agencies were compromised in a Russian cyber-extortion gang’s global hack of a file-transfer program popular with corporations and governments, but the impact was not expected to be great, Homeland Security officials said Thursday.
But for others among what could be hundreds of victims from industry to higher education — including patrons of at least two state motor vehicle agencies — the hack was beginning to show some serious impacts.
Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency, told reporters that unlike the meticulous, stealthy SolarWinds hacking campaign attributed to state-backed Russian intelligence agents that was months in the making, this campaign was short, relatively superficial and caught quickly.
-
Two Energy Department entities breached as part of massive MOVEit compromise
The Cybersecurity and Infrastructure Security Agency said it's working with "several federal agencies" affected by a flaw in the file transfer software.
-
Chinese hackers 'breached hundreds of public, private networks' globally
Suspected state-backed Chinese hackers used a security hole in a popular email security appliance to break into the networks of hundreds of public and private sector organisations globally, nearly a third of them government agencies including foreign ministries, the cybersecurity firm Mandiant said Thursday.
-
Cyber spying campaign linked to China targeting agencies in Hong Kong and Taiwan, report finds
Online attackers with clear links to China are behind a vast cyber espionage campaign targeting government agencies of interest to Beijing, Google subsidiary Mandiant said on Thursday.