Security Leftovers

posted by Roy Schestowitz on Nov 14, 2023

LWN ☛ Security updates for Tuesday

Security updates have been issued by Debian (postgresql-11, postgresql-13, and postgresql-15), Fedora (chromium, optipng, and radare2), Scientific Linux (plexus-archiver and python), Slackware (tigervnc), SUSE (apache2, containerized-data-importer, kernel-firmware-nvidia-gspx-G06, nvidia-open- driver-G06-signed, postgresql, postgresql15, postgresql16, postgresql12, postgresql13, python-Django1, squashfs, and xterm), and Ubuntu (firefox and memcached).

• Bleeping Computer ☛ Israel warns of BiBi wiper attacks targeting Linux and Windows

  Data-wiping attacks are becoming more frequent on Israeli computers as researchers discovered variants of the BiBi malware family that destroys data on both Linux and Windows systems.

  Over the weekend, Israel's CERT published an alert with rules that could help organizations identify or prevent the threat actors' activity.

  The attacks are part of a larger cyber offensive that targets Israeli organizations, including in the education and technology sectors.

• Data Breaches ☛ NoEscape gang adds two more medical entities to their leak site

  The NoEscape ransomware gang claims to have attacked two more medical entities.

  The first one is Southeastern Orthopaedic Specialists, P.A. in North Carolina.

  According to the threat actors, the network was locked on October 25, and 3 GB of files were exfiltrated.

  From the expanded listing (not shown here), it also appears that Southeastern Orthopaedic Specialists has not responded to their demands at all. As a result, NoEscape has apparently hit them with a DDoS attack.

• Kevin Beaumont ☛ LockBit ransomware group assemble strike team to breach banks, law firms and governments. [Ed: Windows TCO]

  I thought it would be good to break down what is happening and how they’re doing it, since LockBit are breaching some of the world’s largest organisations — many of whom have incredibly large security budgets.

  Through data allowing the tracking of ransomware operators, it has been possible to track individual targets. Recently, it has become clear they have been targeting a vulnerability in Citrix Netscaler, called CitrixBleed. Prior reading:

• Toronto, Canada: Moneris Hit by Cyber Attack, Medusa Team Demands $6M Ransom

  In the past hours, another prominent name in global finance has fallen victim to a cyber attack on its IT infrastructure. This time, the Canadian company Moneris, a technology and financial firm specializing in digital payment processing and serving as a partner for leading card brands in Canada such as AlphaPay, American Express, Apple Pay, Balpex, Canadian Retail Solutions, Diners Club International, Discover Global Network, Google Pay, Interac, JCB, Mastercard, Oracle, Tulip, Union Pay, Visa, Wix, among others, has suffered the consequences.

• Reuters ☛ FBI struggled to disrupt dangerous casino hacking gang, cyber responders say

  The U.S. Federal Bureau of Investigation (FBI) has struggled to stop a hyper-aggressive cybercrime gang that's been tormenting corporate America over the last two years, according to nine cybersecurity responders, digital crime experts and victims.

• Reuters ☛ Gang says ICBC paid ransom over hack that disrupted US Treasury market [Ed: Windows TCO and large banks funding criminals]

  China's biggest lender, the Industrial and Commercial Bank of China, paid a ransom after it was hacked last week, a Lockbit ransomware gang representative said on Monday in a statement which Reuters was unable to independently verify.

  ICBC, whose U.S. arm was hit by a ransomware attack that disrupted trades in the U.S. Treasury market on Nov. 9, did not immediately respond to a request for comment.

• Wired ☛ The Mirai Confessions: Three Young Hackers Who Built a Web-Killing Monster Finally Tell Their Story [Ed: Windows TCO]

  Netflix, Spotify, Twitter, PayPal, Slack. All down for millions of people. How a group of teen friends plunged into an underworld of cybercrime and broke the internet—then went to work for the FBI.

• MPR News ☛ Minnesota schools turn to voters, plead for lawmaker help in fending off cyberattacks

  Faced with a growing threat of cybersecurity breaches, school districts around the country and in Minnesota are turning to local taxpayers and state officials for help in building up their defenses.

  Voters in at least 17 communities last week weighed ballot questions letting local districts raise tax levies for cybersecurity improvements; more than half were approved.

  School officials on Monday told lawmakers that it shouldn’t be entirely on their shoulders.

• Lawmakers delve into school data breaches

  Cybersecurity panel seeks more information on how school online defenses were penetrated, and how to prevent more breaches.

• [Repeat] Information Security Media Group, Corporation ☛ Denmark Hit With Largest Cyberattack on Record

  Hackers potentially linked to the Russian GRU Main Intelligence Directorate carried out a series of highly coordinated cyberattacks targeting Danish critical infrastructure in the nation’s largest cyber incident on record, according to a new report.

  SektorCERT, a nonprofit cybersecurity center for critical sectors in Denmark, reported that attackers gained access to the systems of 22 companies overseeing various components of Danish energy infrastructure in May. The report published Sunday says hackers exploited zero-day vulnerabilities in Zyxel firewalls, which many Danish critical infrastructure operators use to protect their networks.