Security Leftovers and Windows TCO
-
LWN ☛ Security updates for Monday
Security updates have been issued by Debian (freeimage, gimp, gst-plugins-bad1.0, node-json5, opensc, python-requestbuilder, reportbug, strongswan, symfony, thunderbird, and tiff), Fedora (chromium, galera, golang, kubernetes, mariadb, python-asyncssh, thunderbird, vim, and webkitgtk), Gentoo (AIDE, Apptainer, GLib, GNU Libmicrohttpd, Go, GRUB, LibreOffice, MiniDLNA, multipath-tools, Open vSwitch, phpMyAdmin, QtWebEngine, and RenderDoc), Slackware (vim), SUSE (gstreamer-plugins-bad, java-1_8_0-ibm, openvswitch, poppler, slurm, slurm_22_05, slurm_23_02, sqlite3, vim, webkit2gtk3, and xrdp), and Ubuntu (openvswitch and thunderbird).
-
Data Breaches ☛ DHS/CISA and UK NCSC Release Joint Guidelines for Secure AI System Development [Ed: Riding the buzzwords train]
“The release of the Guidelines for Secure AI System Development marks a key milestone in our collective commitment—by governments across the world—to ensure the development and deployment of artificial intelligence capabilities that are secure by design,” said CISA Director Jen Easterly. “As nations and organizations embrace the transformative power of AI, this international collaboration, led by CISA and NCSC, underscores the global dedication to fostering transparency, accountability, and secure practices. The domestic and international unity in advancing secure by design principles and cultivating a resilient foundation for the safe development of AI systems worldwide could not come at a more important time in our shared technology revolution. This joint effort reaffirms our mission to protect critical infrastructure and reinforces the importance of international partnership in securing our digital future.”
-
Windows TCO
-
Data Breaches ☛ Hospitals in multiple states diverting patients after Ardent Health Services hit with ransomware attack [Ed: Windows kills]
It was predictable that threat actors would attack during Thanksgiving week when many people take off for the holiday and long weekend.
Ardent Health Services was hit with a ransomware attack — and badly enough that hospitals wound up diverting emergency patients.
Below the break, you can find the text of Ardent’s notice and FAQ. Ardent hospitals and health systems can be found here.
-
Bleeping Computer ☛ Ransomware attack on indie game maker wiped all player accounts
A ransomware attack on the “Ethyrial: Echoes of Yore” MMORPG last Friday destroyed 17,000 player accounts, deleting their in-game items and progress in the game.
Ethyrial: Echoes of Yore is a free-to-play old-school MMORPG developed by indie game publisher ‘Gellyberry Studios.’
The title is available on Steam as an ‘Early Access’ release, meaning it is still in an early development phase and relies on monthly subscriptions and community support to continue its development.
As announced on the game’s official Discord channel, ransomware actors attacked the main server and encrypted all data, including local backup drives, demanding payment in exchange for a decryption key.
-