Security Leftovers
-
Deloitte probe into Optus attack will be released... when???
In March this year, when iTWire asked Optus about the probe, the company said "...we’re expecting the findings of the investigation to be available in late May".
-
Researchers warn unpatched Fortinet firewalls are exposed to critical vulnerability
Security researchers at Bishop Fox LLC Friday issued a warning that hundreds of thousands of Fortinet Inc. firewalls remain vulnerable to attack because they weren’t patched following the disclosure of a critical vulnerability in June.
-
Hacking crew targeting states over transition bans claims cyberattack hitting global satellite systems
A group that previously hacked Fort Worth, Texas, claimed a cyberattack that affected Halliburton, Shell, Helix Energy and Oceaneering.
-
Security updates for Tuesday [LWN.net]
Security updates have been issued by Debian (ghostscript), Fedora (apache-ivy, chromium, golang-github-schollz-croc, golang-github-schollz-mnemonicode, and webkitgtk), SUSE (amazon-ecs-init, dnsdist, libcap, python-tornado, terraform, and xmltooling), and Ubuntu (imagemagick, openldap, php7.4, php8.1, and screen).
-
340,000+ Fortinet firewalls wide open to flaw – report • The Register
More than 338,000 FortiGate firewalls are still unpatched and vulnerable to CVE-2023-27997, a critical bug Fortinet fixed last month that’s being exploited in the wild.
This is according to infosec outfit Bishop Fox, which has developed an example exploit for achieving remote code execution via the hole. Successful exploitation of the pre-authentication vulnerability can allow an intruder to take over the network equipment. Bishop Fox warned: “You should patch yours now.”
-
Data leak affects 425,000 Swiss Abroad - SWI swissinfo.ch
In mid-May, a stolen data set appeared on the darknet. The content was information about subscribers to Swiss Review. This is a federal government magazine that keeps Swiss citizens abroad up to date on developments in their home country.
The data set is comprehensive. It currently contains over 425,000 addresses, 40% of which are postal and 60% email addresses. Anyone who is registered in Switzerland as a citizen resident abroad automatically receives Swiss Review – either by email or by post. According to the foreign ministry, only 330,000 of the 800,000 Swiss Abroad do not receive Swiss Review – among them, Italian-speaking Swiss. […]
But how could this have happened? Put simply, the 425,000 addresses of the Swiss Abroad are by-products of a blackmail attack on two Swiss publishing houses, the NZZ publishing group and CH Media. The two publishers’ digital infrastructures are networked with each other.
-
Notice of apology: Email containing current student information mistakenly sent to currently enrolled students | Tokyo Tech News | Tokyo Institute of Technology
A file containing personal information of currently enrolled Tokyo Tech students was attached mistakenly to an email sent on the afternoon of June 28 to presently enrolled regular-course students.
The email in question was an announcement regarding the Career Consultation Session hosted by the Student Support Center’s Student Success Support Section at Tokyo Tech. The attached file, which is used to set up destination email addresses for students, contained personal information of approximately 10,000 currently enrolled Tokyo Tech students, including their names and email addresses. Due to erroneous operation of the Web System for Students and Faculty, the file was sent unintendedly to currently enrolled students with valid email addresses. Although the file did not include residing addresses or dates of birth, Tokyo Tech is making every effort to keep the contents of the file private in the interest of protecting our students.
-
One of the scariest podcasts ever….
Remember last year when we were all reporting on how Conti had crippled Costa Rica with a ransomware attack and was suggesting the people overthrow the government to get one in place that would pay them?
What if that was actually what Conti was trying to test on behalf of Russia or other powers — whether they could overthrow a government by decimating it with a massive ransomware attack? And if they could cripple Costa Rica and leave it vulnerable, what about other Latin American countries?
-
Imagine360 discovers that two of its file-sharing platforms were hit within days of each other.
With all the big attacks on third-party vendors, it’s not surprising that some entities are reporting two or more breaches in a short period of time.
Imagine360, LLC, is a self-funded health plan for employers.
On or around January 30, Imagine360 identified unusual activity within Citrix, its third-party file-sharing platform. Imagine360 terminated access to the platform, reset passwords, and confirmed the security of its own environment. It also began its own internal investigation to determine the scope of the breach.
Days later, on or about February 3, 2023, Fortra, who owns the GoAnywhere platform that Imagine360 also used for file-sharing, notified Imagine360 of the GoAnywhere breach.