Security Leftovers
-
LWN ☛ Security updates for Friday
Security updates have been issued by Debian (webkit2gtk), Fedora (microcode_ctl, pack, and tigervnc), Slackware (gimp), SUSE (frr, gcc13, go1.20, go1.20-openssl, go1.21, go1.21-openssl, libnbd, libxml2, python-Pillow, python-urllib3, and xen), and Ubuntu (intel-microcode and openvpn).
-
Security Week ☛ Zimbra Zero-Day Exploited to Hack Government Emails
Google says a Zimbra zero-day from earlier this year, CVE-2023-37580, was exploited in several campaigns to hack government emails.
-
Security Week ☛ Administrator of Darkode Hacking Forum Sentenced to Prison
Thomas McCormick, aka fubar, an administrator of the Darkode hacking forum, has been sentenced to 18 months in prison.
-
OpenSSF (Linux Foundation) ☛ OpenSSF Kicks Off Guest Blog Editorial Review Panel to Amplify Voices in the Security Community
Open source software (OSS) has grown exponentially in its adoption and usage in recent years, making its security a top priority. The Open Source Security Foundation (OpenSSF) recognizes the need to foster a community that shares knowledge, insights, and best practices to fortify OSS. With this in mind, we're pleased to introduce the new OpenSSF Guest Blog Editorial Review Panel that will be focused on facilitating our guest blog initiative.
-
Security Boulevard ☛ Navigating Linux Cybersecurity Complexities [Ed: Snake-oil pusher TrueFort selling some FUD in Microsoft-affiliated site]
-
Data Breaches ☛ States settle with Morgan Stanley for $6.5 million over data security incidents
The incidents that resulted in this litigation occurred in 2016 and 2019, and resulted in other litigation and enforcement actions as well, including a $60 million fine by the Office of the Comptroller of the Currency, a $35 million fine by the SEC, and another $60 million settlement in a consumer lawsuit — DataBreaches.
-
CISA ☛ CISA Releases The Mitigation Guide: Healthcare and Public Health (HPH) Sector
Today, CISA released the Mitigation Guide: Healthcare and Public Health (HPH) Sector as a supplemental companion to the HPH Cyber Risk Summary, published July 19, 2023. This guide provides defensive mitigation strategy recommendations and best practices to combat pervasive cyber threats affecting this critical infrastructure sector. It also identifies known vulnerabilities for organizations to assess their networks and minimize risks before intrusions occur.
-
Data Breaches ☛ Systems East, Inc. notifies 209,000 consumers after database with some payment card info was hacked
It’s not often DataBreaches reads a breach disclosure that reports the theft of already-encrypted data, but a notification by Systems East, Inc. (SEI) in New York reported one such incident.
SEI, which provides e-payment solutions and online payment processing services, notified consumers that on August 25, an unknown individual accessed certain systems on SEI’s network. The intrusion was identifed and stopped the same day. Their investigation revealed that the individual had copied an encrypted database that contained payment cardholders’ names, card numbers, and expiration dates.
-
NTMC database exposed personal info to open web: report
The National Telecommunication Monitoring Centre (NTMC) in Bangladesh has exposed a database to the open web. The types of data that leaked online were extensive, American technology magazine WIRED reports.
The list of data is long: names, professions, blood groups, parents’ names, phone numbers, the length of calls, vehicle registrations, passport details and fingerprint photos, according to the report.
When asked by bdnews24.com, Major General Ziaul Ahsan, director general of NTMC, said the information about the data leak was “totally incorrect”.