Security Leftovers
-
Ubuntu Pit ☛ 18 GNU/Linux Firewall Software: Protect Your GNU/Linux System
To be a successful GNU/Linux system administrator, ensuring the security of the GNU/Linux systems or network infrastructure plays an important role. For establishing sound security management, you have to use certain rules in the GNU/Linux firewall.
-
Krebs On Security ☛ .US Harbors Prolific Malicious Link Shortening Service
The top-level domain for the United States — .US — is home to thousands of newly-registered domains tied to a malicious link shortening service that facilitates malware and phishing scams, new research suggests. The findings come close on the heels of a report that identified .US domains as among the most prevalent in phishing attacks over the past year.
-
Silicon Angle ☛ Russian version of Virus Total will launch later this year
Russian language media outlets reported this week that a prototype of a new homegrown virus analysis service, to be called Multiscanner, will be released later this year and fully operational in 2025.
-
IT Jungle ☛ Spooky New Security Vulns Lurking on I.C.B.M. i
Halloween has come and gone, but the scares will stick around for a while for I.C.B.M. i administrators, who have been given more than a dozen fixes by I.C.B.M. to address some pretty serious security vulnerabilities recently revealed in the heart of the operating system, including in spooky old friends Java and OpenSSL.
-
The Register UK ☛ 'Mass exploitation' of Citrix Bleed underway as ransomware crews pile in
However, "even if you applied the patch and rebooted, you still have a problem as session tokens persist," noted infosec watcher Kevin Beaumont, who said he had tracked just over 20,000 exploited servers as of Saturday.
-
Scoop News Group ☛ SEC sues SolarWinds and CISO for fraud
The SEC is alleging that the Austin-based software company and former CISO Timothy Brown defrauded investors from “at least” October 2018 to Jan 12, 2021 by not disclosing gaps in their security practices, the agency’s latest attempt to force publicly traded companies to improve their security practices.
-
IT Wire ☛ SEC sues SolarWinds, CISO over alleged fraud, internal control failures
Mandiant was acquired by Surveillance Giant Google in March 2022.
The SEC complaint claimed "SolarWinds’ public statements about its cyber-security practices and risks were at odds with its internal assessments, including a 2018 presentation prepared by a company engineer and shared internally, including with Brown, that SolarWinds’ remote access set-up was 'not very secure' and that someone exploiting the vulnerability 'can basically do whatever without us detecting it until it’s too late', which could lead to 'major reputation and financial loss' for SolarWinds."
The complaint also claimed presentations by Brown in 2018 and 2019 said the “current state of security leaves us in a very vulnerable state for our critical assets” and that “[a]ccess and privilege to critical systems/data is inappropriate” respectively.
Gurbir Grewal, director of the SEC’s Division of Enforcement, said: "We allege that, for years, SolarWinds and Brown ignored repeated red flags about SolarWinds’ cyber risks, which were well known throughout the company and led one of Brown’s subordinates to conclude: ‘We’re so far from being a security minded company’."
-
Silicon Angle ☛ Cybersecurity practitioners fret after SEC sues SolarWinds and its CISO
It’s alleged by the SEC that through this period, SolarWinds misled investors by disclosing only generic and hypothetical risks at a time when the company and Brown knew of specific deficiencies in SolarWinds’ cybersecurity practices as well as the increasingly elevated risks the company faced at the same time.
-
Windows TCO
-
[Repeat] New York Times ☛ In Cyberattacks, Iran Shows Signs of Improved Hacking Capabilities
The malware used to infiltrate the computers also appeared to map out the networks the hackers had broken into, providing Iran with a blueprint of foreign cyberinfrastructure that could prove helpful for planning and executing future attacks.
-
India Times ☛ Alliance of 40 countries to vow not to pay ransom to cybercriminals: US
Forty countries in a US-led alliance plan to sign a pledge never to pay ransom to cybercriminals and to work toward eliminating the hackers' funding mechanism, a senior White House official said on Tuesday.
The International Counter Ransomware Initiative comes as the number of ransomware attacks grows worldwide. The United States is by far the worst hit, with 46% of such attacks, Anne Neuberger, US deputy national security adviser in the Biden administration for cyber and emerging technologies, told reporters on a virtual briefing.
-
Data Breaches ☛ HHS announces its first settlement in a ransomware case: Doctors’ Management Services
"On April 22, 2019, Doctors’ Management Services filed a breach report with HHS stating that approximately 206,695 individuals were affected when their network server was infected with GandCrab ransomware. The initial unauthorized access to the network occurred on April 1, 2017; however, Doctors’ Management Services did not detect the intrusion until December 24, 2018, after ransomware was used to encrypt their files. In April 2019, OCR began its investigation."
-
US Dept Of Health and Human Services ☛ HHS’ Office for Civil Rights Settles Ransomware Cyber-Attack Investigation
OCR’s investigation found evidence of potential failures by Doctors’ Management Services to have in place an analysis to determine the potential risks and vulnerabilities to electronic protected health information across the organization. Other findings included insufficient monitoring of its health information systems’ activity to protect against a cyber-attack, and a lack of policies and procedures in place to implement the requirements of the HIPAA Security Rule to protect the confidentiality, integrity, and availability of electronic protected health information.
Under the terms of the settlement agreement, OCR will monitor Doctors’ Management Services for three years to ensure compliance with HIPAA. In addition, Doctors’ Management Services has agreed to pay $100,000 to OCR and to implement a corrective action plan, which identifies steps that Doctors’ Management Services will take to resolve potential violations of the HIPAA Privacy and Security Rules and protect the security of electronic protected health information, including: [...]
-
[Repeat] Data Breaches ☛ Exclusive: Hackers claim they still have access to Clark County School District, and reveal more details about hack and stolen data
When reviews of data breaches in the education sector are written for 2023, they will almost certainly mention the 2022 attack on the Los Angeles Unified School District that wasn’t fully disclosed until 2023 and the Minneapolis Public Schools breach. Both of those incidents involved threat actors leaking sensitive information on students. But any 2023 review will likely also need to include the attack on Clark County School District (CCSD) in Nevada for all of the student and employee data that was stolen and leaked.
-