Security Leftovers
-
LWN ☛ Security updates for Wednesday
Security updates have been issued by Debian (gimp), Fedora (audiofile and firefox), Mageia (postgresql), Red Hat (binutils, c-ares, fence-agents, glibc, kernel, kernel-rt, kpatch-patch, libcap, libqb, linux-firmware, ncurses, pixman, python-setuptools, samba, and tigervnc), Slackware (kernel and mozilla), SUSE (apache2-mod_jk, avahi, container-suseconnect, java-1_8_0-openjdk, libxml2, openssl-1_0_0, openssl-1_1, openvswitch, python3-setuptools, strongswan, ucode-intel, and util-linux), and Ubuntu (frr, gnutls28, hibagent, linux, linux-aws, linux-aws-5.15, linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux-oracle, linux-oracle-5.15, linux-raspi, linux, linux-aws, linux-aws-5.4, linux-bluefield, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-iot, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4, linux-xilinx-zynqmp, linux, linux-aws, linux-aws-6.2, linux-hwe-6.2, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-6.2, linux-raspi, linux-starfive, linux, linux-aws, linux-aws-hwe, linux-hwe, linux-kvm, linux-oracle, linux, linux-aws, linux-laptop, linux-lowlatency, linux-oem-6.5, linux-oracle, linux-raspi, linux-starfive, linux-oem-6.1, mosquitto, rabbitmq-server, squid, and tracker-miners).
-
Kansas Reflector ☛ Kansas court officials confirm details of ‘evil, criminal’ international cyberattack
Foreign cybercriminals launched the attack on the Kansas judicial branch’s information system in October and stole records of appellate cases and judicial administration files potentially regarded as confidential under state law, officials said Tuesday.
Justices of the Kansas Supreme Court issued a joint statement confirming perpetrators “stole data and threatened to post it to a dark website if their demands were not met.” The release didn’t say whether the judicial branch complied with demands of the attackers, nor did it disclose whether evidence existed Kansas court information was forwarded to secretive illicit portions of the web.
“This assault on the Kansas system of justice is evil and criminal,” the justices said. “We express our deep sorrow that Kansans will suffer at the hands of these cybercriminals.”
-
China Cybersecurity and Data Protection Regulations – 2023 Recap and 2024 Outlook
China has been expanding its legal framework for cybersecurity and data protection in recent years, with further advancements seen in 2023. This year witnessed the refinement of legal requirements governing the procedures to export personal information (PI), bringing further clarity to the responsibilities and accountabilities of companies.
At the same time, 2023 may have seen China’s cybersecurity authorities walk back some of the requirements placed on companies, in particular for cross-border data transfer (CBDT). Stringent CBDT restrictions have posed challenges for multinational corporations and foreign-invested enterprises (FIEs), potentially acting as barriers to increased foreign investment.
In an effort to improve the environment for foreign businesses, China’s cybersecurity authorities have recently proposed to ease the requirements imposed on companies regarding CBDT. By revisiting and modifying certain CBDT requirements, China is signaling its commitment to striking a balance between data security and facilitating smoother cross-border business operations. These proposed changes represent a pivotal step towards building a more dynamic and investor-friendly cybersecurity framework.
-
Data Breaches ☛ Ransomware Attack Delays Medical Care, Residents Seek Alternatives [Ed: databreaches.net still linking to chatbot-crafted webspam/plagiarism]
In the wake of the attack on TransForm that affected southwest Ontario hospitals, some patients still have to seek care elsewhere.
-
CyberRisk Alliance LLC ☛ Data breach at Idaho National Laboratory claimed by SiegedSec
Idaho National Laboratory had its Oracle Human Capital Management servers for its human resources apps compromised by the SiegedSec hacking operation, which claimed to have accessed "hundreds of thousands of user, employee, and citizen data," CyberScoop reports.
-
665,000 MBS members data leak: Govt to investigate if there was 'significant harm'
On whether organisations that could be in possession of large volumes of data should be given enhancements to their obligations during incidents of data breach, Teo highlighted that a higher standard of personal data protection is already required for these organisations.