Security Leftovers and Windows TCO
-
Using Velociraptor for large-scale endpoint visibility and rapid threat hunting
TL;DR: Network-wide collection, acquisition and monitoring tool for use in DFIR engagements. Designed for enterprise networks (150k+ deployments aren’t unheard of). Boasts many features that your commercial EDR has [...]
-
Investigation Shows Israeli Malware Firms Pitching Spyware To Embargoed Countries, Serial Human Rights Abusers
As we’re all painfully aware by now, former Israeli intelligence analysts are capable of producing private sector malware companies faster than the CIA can produce successful coups.
-
ShellBot Uses Hex IPs to Evade Detection in Attacks on Linux SSH Servers [Ed: "ShellBot, also known by the name PerlBot, is known to breach servers that have weak SSH credentials by means of a dictionary attack," so the issue is neither "Linux" nor "SSH" but bad passwords. Misleading headline, probably by intention.]
ShellBot, also known by the name PerlBot, is known to breach servers that have weak SSH credentials by means of a dictionary attack, with the malware used as a conduit to stage DDoS attacks and deliver cryptocurrency miners.
-
CD-indexing cue files are the core of a serious Linux remote code exploit [Ed: Well, it's not a "Linux" problem and this is a Microsoft employee who keeps badmouthing GNOME or "GNU/Linux" using hypothetical risks which in practice are difficult to exploit (whereas Microsoft puts back doors in its own stuff)]
It has been a very long time since the average computer user thought about .cue files, or cue sheets, the metadata bits that describe the tracks of an optical disc, like a CD or DVD. But cue sheets are getting attention again, for all the wrong reasons. They're at the heart of a one-click exploit that could give an attacker code execution on Linux systems with GNOME desktops.
-
How Vermont’s largest hospital now protects patient info 3 years after ransomware attack
Nearly three years after Vermont’s largest hospital fell victim to a ransomware attack, hospital officials say they’ve made progress toward better systems to protect patient information.
During the breach, nearly 1,300 servers were compromised on more than 5,000 devices across the UVM Health Network. Hospital officials say while no patient or employee information was stolen, the process cost them $65 million.
-
Queensland agencies to face mandatory data breach reporting
Queensland is set to join NSW as the only other Australian state to introduce a mandatory data breach notification scheme.
The state government says the Information Privacy and Other Legislation Amendment Bill 2023, introduced on October 12, contains reforms aimed at improving the accountability of government agencies and boosting privacy protections in a way that’s fit-for-purpose in a digital world.
The legislation introduces requirements for government agencies to notify the Office of the Information Commissioner, as well as affected individuals, of data breaches.
-
FBI and CISA Release Update on AvosLocker Advisory
The AvosLocker ransomware leak site has not been seen for months, but the government is providing an update on them based on its investigations as recently as May 2023. In May, DataBreaches reported on the Bluefield College breach by an affiliate of Avos. Because AvosLocker is RaaS, it’s possible that it is still active but just not using the leak site any more.
-
Equifax’s U.K. Arm Fined Over 2017 Data Breach
Equifax’s (EFX) U.K. arm was fined around $13.6 million Friday for failing to protect the data of millions of British customers in a 2017 hack of the credit-reporting company.
The British arm outsourced customer-data processing to the U.S., and then failed to manage or monitor data security, the Financial Conduct Authority said.
-
Cook County Health and Hospitals System terminates relationship with medical transcription service, notifying patients of breach
On September 24, Cook County Health and Hospitals System (CCH) in Illinois notified HHS of a breach. At the time, CCH reported that 500 patients were affected. The “500” entry is usually just a marker to indicate that the entity knows that they were required to notify HHS and individuals no later than 60 days from discovery of a reportable breach affecting more than 500 patients, but they do not yet really know how many people have been affected or need to be notified individually.
-
Windows TCO
-
World hit by biggest-ever DDoS attack
Google said in its blog post that only two minutes of one such attack “generated more requests than the total number of article views reported by Wikipedia during the entire month of September 2023”. Cloudflare said the attack was of a magnitude that “has never been seen before”.
-
Supo: Russia treats Finland as a hostile country
He also said that private individuals should make sure the devices and computers they use are on secure networks, encouraging people to keep equipment like [Internet] routers and Wi-Fi arrangements up-to-date.
-
The Hamas-Israeli war is also being fought in cyberspace
And it’s not alone. According to a Radware Ltd. blog, “In parallel to the Hamas invasion of Israel, we have observed a significant increase in cyber aggression against Israeli targets.” Security provider Radware is based in Tel Aviv.
The company tracked the number of distributed denial-of-service attacks claimed on Telegram in the first couple of weeks in October, showing that Israel has been targeted 143 times (pictured below), by hackers claiming to support both Palestinian and Russian causes. The vast majority of these attacks began with the Hamas invasion of Israel on Oct. 7.
-
Excel recruitment time bomb makes top trainee doctors 'unappointable'
However, the body responsible for their selection and recruitment – the Anaesthetic National Recruitment Office (ANRO) – told all the candidates for positions in Wales they were "unappointable," despite some of them achieving the highest interview scores.
Only when one of the candidates challenged the decision did ANRO realize its error. A subsequent Significant Incident Review showed a complex and confused approach to using spreadsheets led to the disaster.
-