Security Leftovers
-
Bleeping Computer ☛ Qubitstrike attacks rootkit Jupyter Linux servers to steal credentials [Ed: This is a Jupyter Notebooks issue, not Linux. Imagine the media calling Photoshop holes a Windows issue.]
Qubitstrike attacks are believed to begin with a manual scan for exposed Jupyter Notebooks, followed by a CPU identification to evaluate its mining potential.
-
LWN ☛ Security updates for Thursday
Security updates have been issued by Debian (node-babel), Fedora (moodle), Gentoo (mailutils), Oracle (go-toolset:ol8 and java-11-openjdk), Red Hat (ghostscript, grafana, java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, nghttp2, nodejs:16, nodejs:18, and rhc-worker-script), SUSE (cni, cni-plugins, container-suseconnect, containerd, cups, exim, grub2, helm, libeconf, nodejs18, python3, runc, slurm, supportutils, and tomcat), and Ubuntu (glib2.0, openssl, and vips).
-
Data Breaches ☛ BlackCat threatens to leak data from Morrison Community Hospital [Ed: Windows TCO]
Although numerous sites appear to have simply repeated AlphV’s claims as if they are confirmed, the hospital has not confirmed any breach and DataBreaches has found no statement from them since the listing first appeared on October 13. There is no statement on the hospital’s website at publication time to confirm or deny any data breach or security incident. Nor does their site indicate any disruption in services or compromise of patient data. The proof of claims, however, suggests that protected health information of at least some patients has been acquired, but even that has not been verified.
-
Bleeping Computer ☛ Casio discloses data breach impacting customers in 149 countries
Japanese electronics manufacturer Casio disclosed a data breach impacting customers from 149 countries after hackers gained access to the servers of its ClassPad education platform.
Casio detected the incident on Wednesday, October 11, following the failure of a ClassPad database within the company’s development environment. Evidence suggests that the attacker accessed customers’ personal information a day later, on October 12.
The exposed data includes customer names, email addresses, countries of residence, service usage details, and purchase information such as payment methods, license codes, and order specifics.
-
TechCrunch ☛ RagnarLocker ransomware dark web site seized in international sting
An international group of law enforcement agencies have seized the dark web portal used by the notorious RagnarLocker ransomware group, TechCrunch has learned.
A message on the RagnarLocker website now states that, “this service has been seized by a part of a coordinated international law enforcement action against the RagnarLocker group.” According to the seizure notice, the operation involved law enforcement agencies from the United States, the European Union, and Japan.
The full scale of the operation is not yet known, and it’s unclear whether the gang’s infrastructure was also seized, if any arrests were made, or whether any stolen funds have been recovered.
-
Bleeping Computer ☛ Hacker leaks millions of new 23andMe genetic data profiles
A hacker has leaked an additional 4.1 million stolen 23andMe genetic data profiles for people in Great Britain and Germany on a hacking forum.
Earlier this month, a threat actor leaked the stolen data of 1 million Ashkenazi Jews who used 23andMe services to find their ancestry info and genetic predispositions.
23andMe told BleepingComputer that this data was obtained through credential stuffing attacks on accounts using weak passwords or credentials exposed in other data breaches. However, the company says there is no evidence of a security incident on their IT systems.