Microsoft's Anti-Linux FUD and Security Leftovers
-
Microsoft uncovers cryptojacking ploy used to breach Linux devices [Ed: Microsoft propaganda sites citing Microsoft as "security expert" to demonise Linux and distract from actual bacok doors in Windows. Oh, how Microsoft loves Linux... in this case, the issue is bad passwords]
-
Security updates for Wednesday [LWN.net]
Security updates have been issued by Mageia (docker-docker-registry, libcap, libx11, mediawiki, python-requests, python-tornado, sofia-sip, sqlite, and xonotic), Red Hat (kernel, kernel-rt, kpatch-patch, libssh, libtiff, python27:2.7, python39:3.9, python39-devel:3.9, ruby:2.7, sqlite, systemd, and virt:rhel, virt-devel:rhel), SUSE (bind, cosign, guile1, lilypond, keepass, kubernetes1.24, nodejs16, nodejs18, phpMyAdmin, and sqlite3), and Ubuntu (etcd).
-
HHS Office for Civil Rights Settles HIPAA Investigation with iHealth Solutions Regarding Disclosure of Protected Health Information on an Unsecured Server for $75,000
HHS has announced another Security Rule enforcement action. This one involves iHealth Solutions (dba Advantum Health), a business associate. The incident involved an unsecured server where protected health information of patients was exfiltrated. The iHealth incident had been discovered by Kromtech Security and was first reported by DataBreaches on May 9, 2017. On May 10, DataBreaches reported and discussed iHealth’s response and statement. To DataBreaches’ surprise and irritation, on May 12, this site received legal threat letters from the hospital involved and iHealth. Lawyers at Covington and Burling jumped in to let the threatening parties know that their threats were … shall we say “inappropriate?”
-
National Student Clearinghouse notifies schools of MOVEit breach [Ed: Windows TCO]
On June 24, DataBreaches reported that the National Student Clearinghouse was one of the victims of the MOVEit breach by Clop, In that report, DataBreaches stated that the clearinghouse’s statements to date had not indicated whether they had paid any ransom demand, but DataBreaches had learned that their name had been removed from Clop’s leak site, which is often an indication that a victim paid.
DataBreaches emailed the clearinghouse on June 23 to ask for some straight answers about whether the clearinghouse had paid any ransom demand. They didn’t reply. DataBreaches repeated the inquiry on June 25. Again, there was no reply.
-
‘No credible evidence,’ Formal complaint filed against local doctor at center of alleged cyber attack
The Oklahoma State Medical Board has filed a complaint against a local doctor who claims her clinic was the target of a cyber attack, leaving former patients unable to get their medical records.
“It just makes me sick, what she has done to so many people and and seemingly doesn’t care,” said Amber Godfrey, a former patient.
Godfrey suffers from severe allergies. She went to Dr. Amy Darter at the Oklahoma Institute of Allergy Asthma and Immunology for treatment. If she doesn’t get her regular scheduled shots, it’s hard for her to breathe.
For months, the doors of the clinic have been closed with signs that said they’ve been hit by a cyber attack.