Security Leftovers
-
Security updates for Tuesday
Security updates have been issued by Debian (intel-microcode, lxc, and zabbix), Fedora (clamav), SUSE (python-configobj), and Ubuntu (clamav).
-
Microsoft is now a cybersecurity titan. That could be a problem. [Ed: No, Microsoft is the culprit. It backs back doors in all its things and won't patch things.]
Microsoft has fought to position itself as a global leader for cybersecurity, but it’s also battling its own cybersecurity demons and taking fire from the US Congress.
-
Tesla Discloses Data Breach Related to Whistleblower Leak
Tesla has disclosed a data breach impacting 75,000 people, but it’s a result of a whistleblower leak, not a malicious cyberattack.
-
Tesla is suing two former employees over a massive data breach
The data of 75,753 individuals was compromised in a Tesla hack—and an insider job is apparently to blame. Tesla identified and filed lawsuits against two former employees over the cyber breach, resulting in the seizure of their electronic devices.
-
Ivanti Ships Urgent Patch for API Authentication Bypass Vulnerability
A critical-severity vulnerability in the Ivanti Sentry (formerly MobileIron Sentry) product exposes sensitive API data and configurations.
-
Australian Lender Latitude Financial Reports AU$76 Million Cyberattack Costs
Australian lender Latitude Financial said the recent ransomware attack has cost it AU$76 million (roughly US$50 million).
-
Brazilian Hacker Claims Bolsonaro Asked Him to Hack Into the Voting System Ahead of 2022 Vote
A Brazilian hacker claims former president Bolsonaro asked him to hack into the voting system ahead of the 2022 election.
-
Flaws in Juniper Switches and Firewalls Can Be Chained for Remote Code Execution
Juniper Networks has released Junos OS updates to address J-Web vulnerabilities that can be combined to achieve unauthenticated, remote code execution.
-
Energy One breached, some systems taken down as precaution
Energy One is the biggest supplier of 24/7 operational energy services in Australia and the second largest in Europe. It has offices in Sydney, Melbourne, Adelaide and Brisbane, apart from those in other countries.
The company said it had informed the authorities who needed to be kept in the loop, both in Australia and the UK.
"Key lines of the ongoing inquiry and response include securing Energy One’s systems, establishing whether or what personal information and/or customer-facing systems have been affected, and the initial point of entry," the statement said.
-
Bugs in x86 chips force Linux kernel update
Bugs emerged earlier this month in Intel and AMD processors that affect both client and server processors over multiple generations. Fortunately, the bugs were found some time ago and researchers kept them quiet while fixes were developed.
Google researchers found the Intel bug known as Downfall (CVE-2022-40982) and reported it to Intel more than a year ago, so both parties had plenty of time to work things out. The Downfall bug exploits a flaw in the "Gather" instruction that affected Intel CPUs use to grab information from multiple places in a system's memory. A Google researcher created a proof-of-concept exploit that could steal encryption keys and other kinds of data from other users on a given server.
-
Energy One Investigates Cyberattack
Wholesale energy software provider Energy One reported on Friday a cyberattack had affected “certain corporate systems” in Australia and the UK. In a statement, the company said analysis is underway to identify which systems have been affected.
Energy One is currently trying to establish whether customer-facing systems have been affected, and what personal information was compromised, if any. The company is also trying to determine the initial point of entry.
-
A New Supply Chain Attack Hit Close to 100 Victims—and Clues Point to China [Ed: The problem is Microsoft, not China, but Microsoft-funded media shapes a phony narrative, wherein Microsoft is the victim]
Every software supply chain attack, in which hackers corrupt a legitimate application to push out their malware to hundreds or potentially thousands of victims, represents a disturbing new outbreak of a cybersecurity scourge. But when that supply chain attack is pulled off by a mysterious group of hackers, abusing a Microsoft trusted software model to make their malware pose as legitimate, it represents a dangerous and potentially new adversary worth watching.
Today, researchers on the Threat Hunter Team at Broadcom-owned security firm Symantec revealed that they’d detected a supply chain attack carried out by a hacker group that they’ve newly named CarderBee.
-
Health Data Breach Lawsuits Surge as Cyberattacks Keep Climbing [Ed: Microsoft TCO]
Companies handling health data are fending off more cyberattacks each year, and those that do get hacked are facing costly litigation at rapidly rising rates, a Bloomberg Law analysis found.
The monthly average of new class actions filed over health data breaches so far this year is nearly double the rate from 2022, according to a Bloomberg Law analysis of 557 complaints filed against companies in federal courts over the last five years.
-
New Chrome Feature Alerts Users About Malicious Extensions
Google has announced an update set to be introduced in Chrome 117. This new feature aims to proactively inform users when an extension they have installed is no longer available on the Chrome Web Store. The move comes as part of the tech giant’s ongoing commitment to enhance security measures within its browser platform.
The feature, called the “Safety Check,” is designed to address three specific scenarios. First, it will alert users if an extension has been unpublished by its developer. Second, it will notify users if an extension has been removed due to a violation of Chrome Web Store policies. Lastly, the Safety Check will come into play when an extension is flagged as potential malware.
-
University of Minnesota investigating potential data breach
The University of Minnesota confirms that it has contacted law enforcement and is investigating a claimed data breach that officials became aware of just a month ago.
U of M spokesman Jake Ricker released a statement to KARE 11 saying on July 21 school administrators became aware that an “unauthorized party” claimed to possess sensitive data reportedly taken from the institution’s computer systems. Ricker says an investigation was launched as soon as the claim was discovered, local law enforcement was contacted and state and federal regulators were also notified.