Security Leftovers

posted by Roy Schestowitz on Aug 19, 2023

• Security updates for Friday [LWN.net]

  Security updates have been issued by Debian (chromium, rar, and unrar-nonfree), Fedora (microcode_ctl, trafficserver, and webkitgtk), SUSE (ImageMagick, kernel, nodejs16, nodejs18, postgresql12, postgresql15, re2c, and samba), and Ubuntu (ghostscript, haproxy, linux, linux-aws, linux-aws-5.15, linux-gcp, linux-hwe-5.15, linux-ibm, linux-intel-iotg, linux-intel-iotg-5.15, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux-oracle, linux-oracle-5.15, linux-raspi, linux-hwe-5.4, linux-xilinx-zynqmp, poppler, and zziplib).

• Listing for sale of U.S. Education Department data may not be what you expect

  Yesterday, a listing appeared on a popular hacking forum offering data for sale that were reported to be from the US Department of Education (Ed.gov).

  According to the listing, the leaked information includes: “ID, UserID, UserName, MobileNumber, LevelID, ConsumerID, Type, FeedBack, SubjectID, Subject, Replied, Token, Completed, Date, Updated, Deleted, and Origin”

  DataBreaches contacted the seller, who is known to this site from previous activities, to ask about the actual source of the data. He responded promptly via private message: “The database is from the NAEP. It’s related to the National Report Card. The database is a feedback database from students to teachers or education providers about progress or questions in general.” He added that the data had been given to him by someone else, and might be months old, but he wasn’t certain.

• Police officer loses laptop and notebook as he drives along motorway after leaving them on roof of his car in fourth data breach by single police force

  A police officer lost his laptop and notebook as he drove along the motorway after leaving them on the roof of his car – in the fourth data breach by a single force.

  The PSNI said it is investigating after a senior officer revealed sections of the lost notebook remain outstanding.

• Morris Hospital discloses breach that Royal claimed responsibility for in May; notifies 248,943

  Morris Hospital & Healthcare Centers (Morris Hospital) has issued a notification concerning a cybersecurity incident they discovered on April 4. The incident affects current and former patients of Morris Hospital and current and former employees and their dependents or beneficiaries.

  According to their explanation, their forensic investigation determined that “just prior to the incident,” data was exfiltrated to an external storage platform by an unauthorized individual or individuals. The exported files contained records with the names, addresses, dates of birth, social security numbers, medical record numbers and account numbers, and diagnostic codes of current and former healthcare patients at Morris Hospital AND the names, addresses, social security numbers, and dates of birth of current and former employees and their dependents and beneficiaries.

• Insider-Wrongdoing in the Healthcare Sector

  In 2016, when Protenus and DataBreaches first began collaborating on collecting and analyzing data from reported breaches involving health data, we focused on what is often called the “insider threat” by breaking it down into two categories: human error or breaches due to accidents, which we called “insider-error,” and breaches due to intentional wrongdoing by employees or contractors, which we called “insider-wrongdoing.” Because we have used this categorization for the last few years, we thought this might be a good time to do a look-back and see if, using that framework, insider-wrongdoing reports appear to have increased, decreased or stayed approximately the same over the years.