Security Leftovers

posted by Roy Schestowitz on Jul 06, 2023

• Security updates for Wednesday [LWN.net]

  Security updates have been issued by Fedora (firefox and python-reportlab), Slackware (mozilla), SUSE (dnsdist, grpc, protobuf, python-Deprecated, python-PyGithub, python-aiocontextvars, python-avro, python-bcrypt, python-cryptography, python- cryptography-vectors, python-google-api-core, pyt, kernel, kubernetes1.18, libdwarf, python311, qt6-base, rmt-server, and virtualbox), and Ubuntu (containerd, firefox, and python-django).

• The "StackRot" kernel vulnerability

  The disclosure contains a detailed description of the problem. Fixes have been merged into the mainline and the 6.4.1, 6.3.11, and 6.1.37 stable kernel updates.

• Ransomware Attack Hits Japan’s Biggest Port, Disrupting Cargo Shipments

  Japan’s biggest maritime port was crippled by an alleged Russian cyberattack, disrupting cargo as operators rushed to prevent a wider delay in shipments.

  Ransomware — used by hackers to lock access to files or systems unless a payment is made — caused a container terminal at the Port of Nagoya in Aichi Prefecture to suffer an outage Tuesday morning, the Nagoya Harbor Transportation Authority said Wednesday. The authority said operations are expected to resume Thursday at 8:30 a.m. local time.

• CISA issues warning for cardiac device system vulnerability

  The Cybersecurity and Infrastructure Security Agency (CISA) warned of a severe vulnerability in a cardiac device from medical device company Medtronic.

  The issue – tracked as CVE-2023-31222 – carries a “critical” CVSS score of 9.8 out of 10 and affects the company’s Paceart Optima software that runs on a healthcare organization’s Windows server.

  Medtronic said in an advisory that if exploited, the vulnerability allows hackers to delete, steal or modify data from a cardiac device. Hackers can also use the device’s issues to penetrate into a healthcare organization’s network.

• Information Regulator slaps Justice, Constitutional Development Department with R5m fine

  The Department of Justice and Constitutional Development (DoJ&CD) has been ordered to pay a R5 million fine following its failure to comply with an Enforcement Notice after contravening the Protection of Personal Information Act (Popia).

  On May 9 the Information Regulator issued an Infringement Notice against the department for contravening various sections of Popia.

  This after the DoJ&CD suffered a security compromise on its IT systems in September 2021, leading to the department’s systems being unavailable to its employees and affecting services to the public.

• Deputy U.S. Marshal Pleads Guilty to Obtaining Cell Phone Location Information Unlawfully

  According to court documents, Adrian Pena, 49, of Del Rio, Texas, used a law enforcement service to locate individuals with whom Pena had personal relationships and their spouses. Pena obtained the cell phone data by uploading blank and random documents to a system operated by Securus Technologies exclusively for authorized law enforcement purposes. Pena falsely certified that those documents were official and that they granted Pena permission to obtain the individuals’ data.

• Why ransomware groups are targeting Indian pharma companies and the healthcare sector; ClearMedi allegedly hacked

  Just three months after a ransomware attack pulled down India’s largest drugmaker, Sun Pharmaceuticals, the threat actors went after another pharma company. Hyderabad-based Granules India was notified of a significant loss of revenue and profitability due to a cybersecurity attack in the last week of May. […]

  From Dr. Reddy’s to the All India Institute of Medical Science (AIIMS), the pharma and healthcare sector have been experiencing an uptick in cyberattacks over the past few years, especially post-Covid-19. These incidents have put a spotlight on the weak cybersecurity infrastructure in the industry.

• Atherfield Medical & Skin Cancer Clinic victim of cyberattack by Cyclops [Ed: Windows based on the screenshots ]

  Australia has experienced a number of significant cyberattacks on healthcare entities in the past few years. Now a relatively new ransomware group, Cyclops, claims to have attacked Atherfield Medical & Skin Cancer Clinic in Australia: [...]

• DEVELOPING: HCA Healthcare patient data for sale on hacking forum?

  The Tennessee-headquartered healthcare provider did not reply immediately to an email asking them if they had experienced a breach and were aware that data allegedly from them was up for sale on a hacking forum.

• Over 100 fertility patients had data breached by N.L. Health Services

  When Kelsey Puddister-Collins opened an email from Newfoundland and Labrador Fertility Services on Tuesday, she said she was mortified to see the names and email addresses of over 100 people on the email list.

  Puddister-Collins' information was among those shared in a data breach. The email was a survey about her experience in receiving the province's fertility subsidy, which people can avail of when travelling out of province for procedures like in vitro fertilization.

• Video and chatting app leaks more than 100 million user messages

  How this leak occurred has not been explained yet, and there doesn’t seem to be any statement from Tigo yet.