Security Leftovers
-
Survival time for web sites, (Tue, Aug 29th) [Ed: Microsoft managed to make an operating system that gets hijacked within seconds of being connected to Ethernet or Wi-Fi]
Many, many years ago we (SANS Internet Storm Center) published some interesting research about survival time of new machines connected to the Internet. Back then, when Windows XP was the most popular operating system, it was enough to connect your new machine to the Internet and get compromised before you managed to download and install patches. Microsoft changed this with Windows XP SP2, which introduced the host based firewall that was (finally) enabled by default, so a new user had a better chance of surviving the Internet.
-
Personal, Health Information of 1.2 Million Stolen in PurFoods Ransomware Attack
PurFoods says the personal and protected health information of over 1.2 million individuals was stolen in a February 2023 ransomware attack.
-
Secure your Apollo GraphQL server with Semgrep
By Vasco Franco tl;dr: Our publicly available Semgrep ruleset has nine new rules to detect misconfigurations of versions 3 and 4 of the Apollo GraphQL server.
-
Mandiant warns hackers are still targeting Barracuda Email Security Gateway devices
Researchers at Google LLC-owned cybersecurity firm Mandiant today warned that alleged Chinese attackers have successfully targeted, and are continuing to target, a zero-day vulnerability in Barracuda Networks Inc. devices. The vulnerability in Barracuda’s Email Security Gateway, tracked as CVE-2023-2868, was patched in May.
-
Chinese APT Was Prepared for Remediation Efforts in Barracuda ESG Zero-Day Attack
Chinese threat actor exploiting Barracuda ESG appliances deployed persistence mechanisms in preparation for remediation efforts.
-
BGP Flaw Can Be Exploited for Prolonged Internet Outages
A serious flaw affecting several major Border Gateway Protocol (BGP) implementations can be exploited to cause prolonged internet outages, but some vendors are not patching it, a researcher warned on Tuesday.
The issue was discovered by Ben Cox, the owner of BGP.Tools, a company that provides monitoring services to help organizations quickly identify and address BGP-related issues.
-
VMware Patches Major Security Flaws in Network Monitoring Product
VMware patches critical flaws that allow hackers to bypass SSH authentication and gain access to the Aria Operations for Networks command line interface.
-
Rapid7 team reports increased attacks on Cisco VPN appliances
In a blog post on Tuesday, Rapid7's Tyler Starks, Christiaan Beek, Robert Knapp, Zach Dayton and Caitlin Condon wrote that the credential stuffing was observed in cases where weak or default passwords were used.
The brute-force attacks took place on devices where multi-factor authentication was not enforced, either for all users or a select group.
The security firm said many incidents to which it had responded had ended up with Windows ransomware being deployed, either Akira or LockBit.
-
UN Warns Hundreds of Thousands in Southeast Asia Roped Into Online Scams
A new report sheds light on cybercrime scams that have become a major issue in Asia, with many workers trapped in virtual slavery.
-
Avoid The Hack: 11 Best Privacy Friendly Operating Systems (Desktops)
This post was originally published on 3 NOV 2021; it has since been updated and revised.
Just about any closed-source, proprietary operating system - such as Windows or macOS - is likely not going to be beneficial for your privacy. Many closed-source operating systems are not totally transparent in their operation, engage in excessive telemetry, and phone home collected data. These actions tend to undermine user privacy.
Generally, the ideal solution to combating the privacy issues faced by Windows and macOS is to make the switch to some type of free and open source Linux distribution.
The list of operating systems here is a curated recommendation list. Truthfully, just about any open-source Linux distribution is a better choice from a privacy (and in some cases, security) perspective than using Windows or macOS.
-
Flax Typhoon targeting Taiwan, Ransomware Emphasizing Linux-Centric Payloads [Ed: This is yet another example of Microsoft openly spreading FUD against Linux to distract from Windows TCO in Taiwan]
Flax Typhoon: Microsoft Uncovers Espionage Tactics Targeting Taiwan
-
Kaspersky launches specialized solution for Linux-based embedded devices
This adaptable, multi-layered solution now provides optimized security for embedded Linux-based systems, devices and scenarios, in compliance with the rigorous regulatory standards so often applicable to these systems. The product provides optimum protection for every device it secures – whatever its power level – against the latest cyberthreats directed at today’s Linux systems.
-
Security updates for Wednesday
Security updates have been issued by Debian (qpdf, ring, and tryton-server), Fedora (mingw-qt5-qtbase and moby-engine), Red Hat (cups, kernel, kernel-rt, kpatch-patch, librsvg2, and virt:rhel and virt-devel:rhel), and Ubuntu (amd64-microcode, firefox, linux, linux-aws, linux-aws-5.15, linux-gcp, linux-gke, linux-gkeop, linux-hwe-5.15, linux-ibm, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux-oracle, linux-oracle-5.15, linux, linux-aws, linux-aws-5.4, linux-gcp, linux-hwe-5.4, linux-kvm, linux-oracle, linux-xilinx-zynqmp, linux, linux-aws, linux-aws-6.2, linux-azure, linux-hwe-6.2, linux-ibm, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-6.2, linux-raspi, linux-bluefield, linux-ibm, linux-oem-6.1, and openjdk-lts, openjdk-17).
-
University of Michigan severs ties to internet after cyberattack
The University of Michigan announced that it has severed its ties to the internet and cut off access to some systems after experiencing a cyberattack that began on Sunday.
In a message to the school’s more than 51,000 students on Monday, the school’s chief information officer Ravi Pendse said that the university on Sunday “made the intentional decision to sever our ties to the internet” after “careful evaluation of a significant security concern.”
-
Chambersburg School District Faces Third Day of Closures Due to Ongoing IT Issues
Chambersburg Area School District (CASD) will remain closed on Wednesday, August 30th for the third consecutive day, following persistent IT network disruptions that have plagued the district. The ongoing technical issues have resulted in a halt in educational instruction, creating disruptions and challenges for both students and their families.
The school district issued an official statement, citing “temporary network disruptions” as the cause for the school closures.
-
Forever 21 notifies 540,000 of breach affecting employees enrolled in firm’s health plan
In 2017, fashion retailer Forever 21 experienced a malware attack on its card payment system that compromised customers’ payment cards. The breach was an embarrassment on a number of levels because the attacker had access to their system for about 7 months, and Forever 21 did not seem to have discovered the breach on their own. Fast forward to 2023 and Forever 21 is notifying almost 540,000 current and former employees of a breach earlier this year.
According to a template of their notification letter, submitted by their external counsel to the Maine Attorney General’s Office: on March 20, 2023, Forever 21 identified “a cyber incident that impacted a limited number of systems.” A subsequent investigation determined that an unauthorized third party accessed certain Forever 21 systems at various times between January 5, 2023 and March 21, 2023. The notification does not explain how the unauthorized individual managed to gain access.
-
Important Notification of Data Security Incident
Prime Therapeutics LLC (Prime)/Magellan Rx is committed to member transparency. As part of our commitment, we are sharing a recent security incident that may have affected a subset of its covered Blue Cross and Blue Shield of Minnesota members.
On July 11, 2023, Prime became aware that an unauthorized actor obtained access to an employee's mobile email account. That email account contained documents that included members' personal health information, including name, address, date of birth, member ID number and medication(s). Upon discovery of this incident, Prime immediately conducted a comprehensive investigation of this matter and immediately disabled the compromised credentials. Prime has blacklisted the unauthorized actor's IP addresses and established monitoring for any future login attempts. Prime has obtained no evidence to indicate that the information involved in this incident was actually accessed or has been misused.