Security Issues and Windows TCO

posted by Roy Schestowitz on Nov 25, 2023

• LWN ☛ Security updates for Friday

  Security updates have been issued by Debian (firefox-esr, gnutls28, intel-microcode, and tor), Fedora (chromium, microcode_ctl, openvpn, and vim), Gentoo (LinuxCIFS utils, SQLite, and Zeppelin), Oracle (c-ares, container-tools:4.0, dotnet7.0, kernel, kernel-container, nodejs:20, open-vm-tools, squid:4, and tigervnc), Red Hat (samba and squid), Slackware (mozilla), SUSE (fdo-client, firefox, libxml2, maven, maven-resolver, sbt, xmvn, poppler, python-Pillow, squid, strongswan, and xerces-c), and Ubuntu (apache2, firefox, glusterfs, nghttp2, poppler, python2.7, python3.5, python3.6, tiff, and zfs-linux).

• RIVER VALLEY SCHOOL BOARD AUTHORIZES SOLICITOR TO SEEK SPECIAL COUNSEL IN WIRE FRAUD SCHEME INVESTIGATION

  On Tuesday night, the River Valley School Board authorized the solicitor’s office to seek qualified outside special counsel in connection with an investigation into a wire fraud incident in October of 2023.

  According to district solicitor Ryan Cribbs, an outside network of one of the district’s vendors was breached and used to make a fraudulent wire transfer of $736,126.91, which was made to look like a routine payment from the district to the vendor. Cribbs said that federal authorities are investigating the incident.

• Cybernews ☛ Enterprise software provider Tmax leaks 2TB of data

  A Korean IT company developing and selling enterprise software has leaked over 50 million sensitive records.

  The 2 TB-strong Kibana dashboard has been exposed for over two years. Cybernews researchers discovered it back in January 2023, noting the set of data was first spotted in June 2021. Our team attributed the dashboard to tmax.co.kr – a website owned by TmaxSoft, one of the Tmax brand companies.

  Unfortunately, the company hasn’t yet responded to Cybernews’ disclosure emails and requests for an on-the-record comment, and the dashboard with a treasure trove of information that could easily be exploited by threat actors remains open.

• TechCrunch ☛ Ukraine fires top cybersecurity officials

  Yurii Shchyhol, head of Ukraine’s State Special Communications Service of Ukraine, or SSSCIP, and his deputy Victor Zhora (pictured), who served as deputy chairman and chief digital transformation officer at SSSCIP, were both dismissed by the government, according to senior cabinet official Taras Melnychuk in a public post on Telegram.

• Data Breaches ☛ “They are tired of him, but they are afraid”: what is known about the leader of the hacker group Killnet

  The hacktivist group Killnet rose to prominence in 2022. After the start of the SVO, she openly sided with Russia and carried out a number of high-profile DDoS attacks on large targets such as the US Federal Tax Service , the banking systems of the European Union SWIFT and IBAN, the American arms company Lockheed Martin and others.

• Data Breaches ☛ Implications of “malware free” attacks on SMBs

  Kevin Beaumont recently called attention to a new intelligence report by Huntress.

  One of their findings that Beaumont highlighted is that 56% of incidents they see are ‘malwareless’.

• Data Breaches ☛ Welltok data breach exposes data of 8.5 million US patients

  And did Welltok’s report to HHS include the more than 426,000 people it subsequently reported to Maine on behalf of Graphic Packaging International and Premier Health? Those weren’t listed in Toulas’s article.

• Business Live ☛ Hackers demand $60m from TransUnion and Experian, claiming data theft

  Two of the country’s largest consumer credit reporting agencies, TransUnion and Experian, may have been hit by a fresh data hack, potentially exposing the financial and personal data of South Africans to risk.

  The hackers, the Brazil-based N4ughtySecTU Group, which has hacked TransUnion before, had again bypassed the organisation’s firewalls and security and managed to get away with the data.

  In their communication to TimesLIVE, the hackers shared journalist Sabelo Skiti’s name and identity number through his personal WhatsApp account.

  “The N4aughtySec Group is currently inside your and your clients’ infrastructure and will expose all data and system files in the next 24 hours should our ransom demands not be met in 24 hours,” the hackers told both organisations in their closed message.

• Windows TCO

  • Data Breaches ☛ Mission Community Hospital issues notification for May 1 ransomware attack

    Deanco Healthcare LLC, which does business as Mission Community Hospital (MCH) in California, has issued a breach notification about a ransomware attack it discovered in early May.

    According to their notification to the California Attorney General’s Office, MCH was alerted to potential unauthorized access to its IT network on May 1, 2023. Investigation confirmed that there was unauthorized access on that date.

    “While in our IT network, the unauthorized party accessed files containing patient information. Our investigation cannot rule out the possibility that, as a result of this incident, files containing some of your information may have been subject to unauthorized access,” patients were informed.

  • Network outage at UT Health East Texas causes the hospital to enter divert status

    After a potential security incident caused a network outage, UT Health East Texas enters a divert status.

    Prosecutors ask to effectively close case against top Italian, WHO officials over COVID-19 response According to UT Health East Texas officials, a potential security incident caused a network outage.

    In a statement to KETK, officials said UT Health East Texas entered a divert status while they work to bring their systems back online.

  • Data Breaches ☛ Meow Leaks claims attack on Vanderbilt University Medical Center

    Meow Leaks has added Vanderbilt University Medical Center (VUMC) in Tennessee to their leak site, and has dumped what they claim is 100% of the data they exfiltrated.

    “The hack was 02/11/23 The company will be hacked again!” they announced on November 18.

    The leak was posted in two parts, each described as “SQL,” but by the time DataBreaches attempted to download the data, it had been deleted from the file-sharing site for violations of terms of service.

    Via communications on Jabber, Meow Leaks informed DataBreaches that they would be re-uploading the data to where it couldn’t be deleted, but that has not happened as of publication.

  • Meredosia schools recovering from computer hijacking

    Meredosia-Chambersburg school district has been able to get most of its computer system back online after a cyberattack tried to hijack the network.

  • Data Breaches ☛ Fidelity National Financial ransomware incident impacts real estate closings

    Fidelity National Financial (FNF) is the nation’s largest group of title companies and underwriters in the country. They claim that collectively, they issue more title insurance policies than any other firm in the United States.