Security Leftovers
-
Yahoo News ☛ New TuxCare Partner Program Arms System Integrators with Modernized Linux Security Offerings
TuxCare, a global innovator in enterprise-grade cybersecurity for Linux, today announced it debuted a new partner program aimed at helping system integrators offer the latest tools for modernizing their customers’ Linux security arsenal. Details of the new program are available at www.tuxcare.com/become-system-integrator-partner.
-
The Register UK ☛ Intel knew AVX chips were insecure and did nothing – lawsuit
-
Data Breaches ☛ Ransomware attack under investigation at Pulaski County Public Schools
Pulaski County Public Schools has unfortunately become the victim of a cybercriminal attack. On Sunday, we discovered irregularities in our systems. PCPS immediately retained outside experts to launch a forensic investigation and help secure our servers. We now know that this is a case of ransomware deployment. Our dedicated IT professionals are working diligently with some of the country’s leading experts in cybersecurity to return PCPS systems back to normal as quickly as possible – they are making incredible progress.
-
Huntress ☛ Bitter Pill: Third-Party Pharmaceutical Vendor Linked to Pharmacy and Health Clinic Cyberattack
In a concerning development within the healthcare sector, Huntress has identified a series of unauthorized access that signifies internal reconnaissance and preparation for additional threat actor activity against multiple healthcare organizations.
The attackers abused a locally hosted instance of a widely-used remote access tool, ScreenConnect—utilized by the company Transaction Data Systems (which recently merged with and was renamed Outcomes), the makers of Rx30 and ComputerRx software — for initial access to victim organizations. The threat actor proceeded to take several steps, including installing additional remote access tools such as ScreenConnect or AnyDesk instances, to ensure persistent access to the environments.
-
San Diego ☛ Tri-City Medical Center in Oceanside hit by cybersecurity attack
Tri-City Medical Center is diverting ambulance traffic to other hospitals Thursday as it copes with a cybersecurity attack that has forced it to declare “an internal disaster” as workers scramble to contain the damage and protect patient records.
The Oceanside facility’s management confirmed the situation in a brief statement, indicating that the hospital’s emergency department remains “prepared to manage emergency cases” that may arrive in private vehicles and is “working with our other health system partners to ensure the provision of health care for our community.”
[…]
Tri-City management declined to confirm that the threat was ransomware, though several people familiar with the situation who asked not to be identified said that it was the suspected culprit.
-
Yahoo News ☛ Personal information impacted in breach of computer network, Butler County says
Butler County is notifying the public of a data security incident where someone gained access to personally identifiable information.
The county said federal authorities alerted them to suspicious activity on its computer network at the start of October. By the end of October, it determined there was unauthorized access to personally identifiable information primarily related to criminal court proceedings maintained on the county network.
[…]
This is the second data security incident in as many months for Butler County. In September, someone gained unauthorized access to a jail employee’s email and impacted personally identifiable information.
-
Hunton Andrews Kurth ☛ NYDFS Updates Its Cybersecurity Regulation to Protect Against Growing Cyber Threats
On November 1, 2023, New York Governor Hochul announced that the New York State Department of Financial Services (“NYDFS”) amended its Cybersecurity Regulation applicable to covered financial institutions. Our previous blog post covered key proposed changes to the Cyber Regulation.
The NYDFS, which regulates financial institutions including insurance companies, mortgage brokers and banks, adopted the original Cybersecurity Regulation in 2017. The new amendments strengthen the initial framework and require NYDFS-regulated entities to adhere to a number of additional prescriptive data security requirements, including adopting controls to prevent unauthorized access to information systems, conducting more regular risk assessments, maintaining robust incident response planning procedures, and adhering to updated notification requirements, such as the new requirement to report ransomware extortion payments to NYDFS within 24 hours of the payment.
-
Becker's Hospital Review ☛ Optum medical group in New York reports service disruption
Crystal Run Healthcare in Middletown, N.Y., told patients to expect longer wait times than usual amid a system interruption affecting some services, according to the medical group's website.
Mid Hudson News reported Nov. 3 that Crystal Run experienced a service disruption.
"We are working diligently to resolve these issues," the medical group wrote on its website Nov. 3. The announcement was still on the website Nov. 6 and recommended patients call 911 with an emergency.
-
Security Boulevard ☛ Avoiding Common Linux Configuration Mistakes that Lead to Security Vulnerabilities [Ed: But then they are not the fault of "Linux"]
The robust security features of Linux make it the preferable choice for many enterprises. However, like any other operating system, security vulnerabilities can occur in Linux due to misconfigurations. These vulnerabilities may expose your system to potential risks, making it crucial to avoid common pitfalls in Linux configuration.