Security Leftovers
-
Security updates for Tuesday
Security updates have been issued by Debian (node-cookiejar and orthanc), Oracle (firefox, kernel, and kernel-container), Red Hat (flac and httpd:2.4), Slackware (vim), SUSE (python-Django, terraform-provider-aws, terraform-provider-helm, and terraform-provider-null), and Ubuntu (c-ares, curl, linux-azure, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15, linux-raspi, and linux-ibm, linux-ibm-5.4).
-
Testing for Host Header Injection Vulnerabilities
In the ever-evolving realm of web security, Host Header Injection stands as one of the vulnerabilities that can potentially plague web applications. This flaw arises when a web application or server does not properly validate or restrict the Host header in incoming HTTP requests, thereby exposing it to malicious exploitation.
-
8 Best Tools for Website Malware Scanning Online Free
Scan your website for malware and other security issues with Website Malware Scan. Get a detailed report and guidance on how to fix the issues.
-
China Sows Disinformation About Hawaii Fires Using New Techniques [Ed: New York Times cites "researchers from Microsoft and other organizations" as if they're experts in this area; this is how Microsoft is distracting from the fact that China breached everything at Microsoft -- a topic that should be on the front page of every paper]
Beijing’s influence campaign using artificial intelligence is a rapid change in tactics, researchers from Microsoft and other organizations say.
-
Microsoft cloud breach report 'leaves many questions unanswered'
Cloud security company Wiz.io says there are many unanswered questions raised by Microsoft's final report into a breach of its Azure cloud platform, pointing out that the threat actor, given the name Storm-0558, may have been forging authentication tokens for more than two years given the timeline in the report.
-
After Microsoft and X, Hackers Launch DDoS Attack on Telegram
Anonymous Sudan launches a DDoS attack against Telegram in retaliation for the suspension of their primary account on the platform.
-
No hacker will be able to improve security in industry
Among other achievements, the CDC is known for Back Orifice, a program designed for remote administration, the brainchild of Sir Dystic, a member of CDC. Back Orifice was named to bring attention to the poor security in Windows.
-
Microsoft Announces Endgame for Third-Party Windows Printer Drivers
Microsoft is focusing on Mopria-compliant printers using the IPP Class Driver.
-
Apple fixes 0-Day Vulnerability in Older Operating Systems, (Mon, Sep 11th)
This update fixes the ImageIO vulnerability Apple patched for current operating systems last week. Now, Apple follows up with a patch for its older, but still supported, operating system versions.
-
Chinese Warnings on iPhones Tap Deep Strain of Security Concerns
For years, officials in China have been told to shun foreign devices. Now reports of renewed curbs have unnerved Apple’s investors, heightening geopolitical tensions.
-
Bookstore Chain Dymocks Discloses Data Breach Possibly Impacting 800k Customers
The personal information of more than 800,000 individuals was stolen from bookstore chain Dymocks in a cyberattack last week.
-
Associated Press Stylebook Users Targeted in Phishing Attack Following Data Breach
Cybercriminals breached an AP Stylebook website and obtained information on customers who were then targeted in phishing attacks.
-
FBI Blames North Korean Hackers for $41 Million Stake.com Heist
FBI says North Korean hacking group Lazarus has stolen $41 million in cryptocurrency from online betting platform Stake.com.
-
‘Cybersecurity issue’ disables computer systems at MGM Resorts
MGM Resorts International Inc., best known as an operator of casinos in Las Vegas, has been forced to shut down some casino and hotel systems following what the company described as a “cybersecurity issue.”
-
MGM Resorts hit in disruptive cyberattack
Long-time readers may recall a story in January 2017 about a luxury hotel that reportedly paid extortion to ransomware attackers because guests were locked in their rooms. Some of the story was ultimately considered to be fake news, although the whole scenario initially seemed possible at the time.
Fast forward more than six years and MGM Resorts has been hit, and as part of the consequences of the digital attack, some guests may be having trouble getting into their rooms.
-
‘Cybersecurity Issue’ Forces Systems Shutdown at MGM Hotels and Casinos
Company websites were down, and some guests complained of problems with slot machines and hotel room access. Cybersecurity experts point to a likely cyberattack.
-
Hospital Sisters Health System’s CFO exits as it continues to handle ‘cybersecurity incident’
HSHS still hasn’t forthrightly disclosed whether this was a ransomware incident or not, although it certainly reads like one. No ransomware group has publicly claimed responsibility for the attack at this point.
-
Local health care system's CFO exits as it continues to handle 'cybersecurity incident'
The chief financial officer of Hospital Sisters Health System (HSHS), which operates several facilities in Metro East, has exited the nonprofit, while it continues to fight a "cybersecurity incident" that began impacting its operations late last month.
Kimberly Hodgkinson, who has served as the senior vice president and chief financial officer of the Springfield, Illinois-based system since July 2022, left her position as of Friday, a spokeswoman confirmed to the Business Journal.
-
Vulnerabilities Allow Hackers to Hijack, Disrupt Socomec UPS Devices
A researcher has found 7 vulnerabilities in Socomec UPS products that can be exploited to hijack and disrupt devices.
-
Bloom Health Centers discloses data breach involving mental health data of 1,545 patients
On September 11, Psych Associates of Maryland LLC d/b/a Bloom Health Centers (“Bloom Health”), a mental health service provider, announced a data security incident that involved the personal and protected health information of some clinicians and patients.
Before digging into the details, note that some affected patients may have been treated by a Bloom Health doctor at Dominion Hospital. Dominion Hospital is not affiliated with Bloom Health Centers, but allows Bloom Health providers to serve their patients at the hospital. Additionally, certain patients may have been originally seen at companies acquired by Bloom Health, including Psych Associates of Maryland, Comprehensive Behavioral Health, and Kraus Behavioral Health.
-
St. Paul Public Schools notifies families of data breach from February
St. Paul Public Schools notified families and staff last week of a “data security incident” last winter that may have exposed students’ names and email addresses.
In a letter sent out on Friday, the district said it became aware of the issue in February and flagged the FBI, Minnesota IT Services and the Minnesota Department of Public Safety to investigate “an unauthorized third party” that had accessed district data.
The full scope of the breach wasn’t made clear until mid-July, but SPPS says it has identified everyone whose data might have been accessed. At this point, the district says it “has no reason to believe” there was any fraudulent use of anyone’s personal information.
-
Save the Children confirms systems breach
Save the Children appears to have been hacked by the Chinese data extortion gang BianLian, according to data posted to the latter’s victim blog. Though it does not mention the charity by name, the cybercrime organisation claims to have stolen up to 8GB of files from an international NGO “employing over 25,000 staff and operating in 116 countries”, a description experts have said fits the profile of Save the Children. [….]
Save the Children confirmed that an outside party had obtained unauthorised access to part of its network, though it stressed that there had been no operational disruption as a result. “We are working hard with external specialists to understand what happened and what data was impacted, so we can take all the appropriate next steps,” a spokesperson told Tech Monitor. “Our systems are also secured, and we are confident in the ongoing integrity of our IT infrastructure.”
-
Cybercrime investigation causes half-day for East Jackson schools
A potential cybercrime is causing classes to be cut to a half day in East Jackson Community Schools on Tuesday, Sept. 12, officials said.
The incident currently is under investigation by the Blackman-Leoni Department of Public Safety. School officials learned of the potential cybercrime Tuesday morning, Superintendent Steve Doerr said.
-
HHS Office for Civil Rights Settles with L.A. Care Health Plan Over Potential HIPAA Security Rule Violations
Today, the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) announced a settlement of potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Rules with LA Care, the nation’s largest publicly operated health plan that provides health care benefits and coverage through state, federal, and commercial programs. OCR enforces the HIPAA Privacy, Security, and Breach Notification Rules that set the requirements that HIPAA-regulated entities must follow to protect the privacy and security of protected health information (PHI). The settlement concludes two OCR investigations initiated from a large breach report and a media article regarding a separate security incident. Under the agreement, LA Care agreed to pay $1,300,000 and to implement a corrective action plan, discussed in further detail below, which identifies steps LA Care will take to resolve these potential violations of the HIPAA Security Rule and protect the security of electronic protected health information (ePHI).
-
Brazil’s government convicted for data leak exposed by The Brazilian Report
Federal government agencies were convicted for leaking data of beneficiaries of Auxilio Brasil, a flagship federal aid program now renamed as Bolsa Familia, to financial agencies offering payroll deduction loans to low-income Brazilians.
Prior to elections last year, the administration of former President Jair Bolsonaro launched a program allowing people enrolled in aid programs to sign up for payroll deduction loans – a government push to create feel-good factors around the economy.
-
Rhysida claims responsibility for attacks on two U.S. health systems: Prospect Medical Holdings, Singing River Health
On August 3, Prospect Medical Holdings disclosed a ransomware attack that affected some of its 16 hospitals and 10 clinics, including three hospitals in Connecticut and hospitals run by Crozer Health. Although they have made some progress with recovery, a note on their website today states, “Prospect Medical Holdings, along with all Prospect Medical facilities, is experiencing a systemwide outage. We are working to resolve the issue as soon as possible and regret any inconvenience.”
For its part, Rhysida ransomware gang claimed responsibility for the attack, stating, “They kindly provided: more than 500000 SSN, passports of their clients and employees, driver’s licenses, patient files (profile, medical history), financial and legal documents!!! If you are interested in our partner’s confidential documents, you will be able to purchase them too!!! Total 1TB unique files, as well as 1.3TB SQL database.”