Security Leftovers
-
Security updates for Thursday
Security updates have been issued by Debian (open-vm-tools, openjdk-11, and openssh), Fedora (librsvg2, llhttp, opensc, and rust), Oracle (.NET 6.0, .NET 7.0, iperf3, microcode_ctl, postgresql:10, and python-requests), SUSE (openssl-1_0_0, perl-Cpanel-JSON-XS, postgresql12, and postgresql15), and Ubuntu (ceph, haproxy, heat, libpod, and postgresql-12, postgresql-14, postgresql-15).
-
Findlargedir: Find all "blackhole" directories with a huge amount of filesystem entries - Help Net Security
Findlargedir helps quickly identify "black hole" directories on any filesystem having more than 100k entries in a single flat structure.
-
LinkedIn Suffers 'Significant' Wave of Account Hacks
Users report losing access to their accounts, with some being pressured into paying a ransom to get back in or else face permanent account deletion.
-
Malicious QR code hacking campaign is targeting Microsoft credentials
QR codes are arguably one of the most ubiquitous technologies of the third decade of the 21st century, following the lead from China, where they’ve mostly replaced cash in everyday transactions. The convenience of scanning a QR code is well-documented, but not as well-documented is what happens when the QR code is malicious.
-
Phishers use QR codes to target companies in various industries - Help Net Security
A phishing campaign using QR codes has been detected targeting various industries to acquire Microsoft credentials.
-
Jefferson Health warns Cherry Hill hospital patients of potential data breach
Some patients at Jefferson Cherry Hill Hospital are being advised to keep an eye on their credit reports due to a potential data breach.
The hospital started notifying select patients this week that their private data may have been compromised after a backup hard drive went missing from a DEXA scan machine, which is used to measure bone density.
-
Cuba Ransomware Deploys New Tools: Targets Critical Infrastructure Sector in the U.S. and IT Integrator in Latin America
BlackBerry has discovered and documented new tools used by the Cuba ransomware threat group.
Cuba ransomware is currently into the fourth year of its operation and shows no sign of slowing down. In the first half of 2023 alone, the operators behind Cuba ransomware were the perpetrators of several high-profile attacks across disparate industries.
-
Compliance: National Credit Union Administration issues letter on cyber incident reporting notification requirements
NCUA issued a Letter to Credit Unions (23-CU-07) on the cyber incident notification requirements that go into effect Sept. 1. Credit unions will be required to notify the NCUA no later than 72 hours after the credit union reasonably believes it has experienced a reportable cyber incident or has received a notification from a third party regarding a reportable cyber incident.
-
ShopBack fined S$74,400 for data breach of over a million users
The data breach incident happened on Sep 9, 2020 when a malicious threat actor accessed Ecommerce Enablers’ storage server with a key inadvertently leaked by a senior member of the company’s software engineering team.
The threat actor then proceeded to extract close to 1.5 million email addresses, 840,210 names, 447,076 mobile numbers, and 299,381 bank account numbers. There was also misappropriation of 378,531 instances of credit card information including partial credit card numbers and expiry dates.
-
NYC Finance Department Sent Every Employee Their Colleagues’ Personal Info
The city Department of Finance inadvertently emailed a roster of all of its staff — containing home addresses, cell numbers and personal email addresses — to the agency’s roughly 1,800 employees in a botched test of its emergency notification system, THE CITY has learned.
The snafu was accompanied by automated calls to agency employees that were mistakenly made around 3:30 a.m. on Wednesday, rather than at the planned time of 10 a.m. They featured a brief recording saying the calls were a test of the emergency notification system.
-
Windows feature that resets system clocks based on random data is wreaking havoc
A few months ago, an engineer in a data center in Norway encountered some perplexing errors that caused a Windows server to suddenly reset its system clock to 55 days in the future. The engineer relied on the server to maintain a routing table that tracked cell phone numbers in real time as they moved from one carrier to the other. A jump of eight weeks had dire consequences because it caused numbers that had yet to be transferred to be listed as having already been moved and numbers that had already been transferred to be reported as pending.
“With these updated routing tables, a lot of people were unable to make calls, as we didn't have a correct state!” the engineer, who asked to be identified only by his first name, Simen, wrote in an email. “We would route incoming and outgoing calls to the wrong operators! This meant, e.g., children could not reach their parents and vice versa.”