Security Leftovers and Windows TCO
-
LWN ☛ Security updates for Wednesday
Security updates have been issued by Debian (gst-plugins-bad1.0 and postgresql-multicorn), Fedora (golang-github-nats-io, golang-github-nats-io-jwt-2, golang-github-nats-io-nkeys, golang-github-nats-io-streaming-server, libcap, nats-server, openvpn, and python-geopandas), Mageia (kernel), Red Hat (c-ares, curl, fence-agents, firefox, kernel, kernel-rt, kpatch-patch, libxml2, pixman, postgresql, and tigervnc), SUSE (python-azure-storage-queue, python-Twisted, and python3-Twisted), and Ubuntu (afflib, ec2-hibinit-agent, linux-nvidia-6.2, linux-starfive-6.2, and poppler).
-
Security Week ☛ Los Angeles SIM Swapper Sentenced to 8 Years in Prison
Amir Golshan of Los Angeles was sentenced to 96 months in prison for perpetrating multiple cybercrime schemes.
-
Security Week ☛ Critical Vulnerability Found in Ray Hey Hi (AI) Framework
A critical issue in open source Hey Hi (AI) framework Ray could provide attackers with operating system access to all nodes.
-
EDRI ☛ Civil society statement: Council risks failing human rights in the Hey Hi (AI) Act
In the run up to EU Hey Hi (AI) Act trilogue negotiation, 16 civil society organisations are urging representatives of the Council of the European Union to effectively regulate the use of Hey Hi (AI) systems by law enforcement, migration control and national security authorities in the legislation.
-
Security Week ☛ Exploitation of Critical ownCloud Vulnerability Begins
Threat actors have started exploiting a critical ownCloud vulnerability leading to sensitive information disclosure.
-
Bruce Schneier ☛ Digital Car Keys Are Coming
Soon we will be able to unlock and start our cars from our phones. Let’s hope people are thinking about security.
-
Silicon Angle ☛ Silent cyber menace: Majority of US websites are unprotected against simple bot attacks
A new report released by software-as-a-service bot protection startup DataDome SAS today has found that about two in three U.S. websites are unprotected against simple bot attacks.
-
SANS ☛ Decoding the Patterns: Analyzing DShield Honeypot Activity (Guest Diary), (Mon, Nov 27th)
-
OpenSSF (Linux Foundation) ☛ Cybersecurity in Energy Infrastructure: The Value of Open Source Software
LF Energy and OpenSSF released a new whitepaper on how open source software is critical to the innovation and transformation of our energy infrastructure. Contrary to common misconceptions, OSS offers not just affordability and adaptability but also a robust shield against cyber threats.
-
Data Breaches ☛ DFS Announces $1 Million Cybersecurity Settlement With First American Title Insurance Company
The New York State Department of Financial Services (DFS) today announced that First American Title Insurance Company (First American) will pay a $1 million penalty to New York State for violations of DFS’s Cybersecurity Regulation (23 NYCRR Part 500) stemming from a large-scale cybersecurity breach in May 2019. The breach contributed to the exposure of consumers’ nonpublic information. In addition to penalties, the company has agreed to implement significant remedial measures to better secure consumer data.
-
TechCrunch ☛ Okta admits hackers accessed data on all customers during recent breach
U.S. access and identity management giant Okta says hackers stole data about all of its customers during a recent breach of its support systems, despite previously stating that only a fraction of customers were affected.
Okta confirmed in October that a hacker used a stolen credential to access its support case management system and steal customer-uploaded session tokens that could be used to break into the networks of Okta customers. Okta told TechCrunch at the time that around 1% of customers, or 134 organizations, were affected by the breach.
In a blog post published on Wednesday, Okta chief security officer David Bradbury said the company has since determined that all of its customers are affected by the breach.
-
Middle East Monitor ☛ Hackers breach Israel intelligence group’s website
An unknown entity has breached the website of the Shin Bet veterans’ association, Shoval, and may have stolen the details of the intelligence agency’s former employees, the French website Intelligence Online has reported.
According to the website, the agency’s management has requested members of the association to be cautious, especially when travelling abroad.
-
InnovationAus ☛ Queensland passes mandatory data breach notice laws
Queensland has become only the second state to legislate a mandatory data breach notification scheme for public sector entities, as an almost identical scheme comes into effect in New South Wales.
The Information Privacy and Other Legislation Amendment Bill 2023 passed through the Queensland state Parliament on Wednesday, less than two months after the bill was first introduced.
The new scheme will require state and local government entities to notify affected individuals and the state’s privacy watchdog of eligible data breaches that would likely result in serious harm.
-
Data Breaches ☛ A cyberattack hit thousands of people in Louisiana. They’re still in the dark months later.
It was early August when teacher Heather Vidrine first heard about a cyberattack on her former school district in St. Landry Parish, but she didn’t think much about it — even after her Facebook got hacked.
Now, she’s left to wonder whether the two are connected.
Her Social Security number and other personal information was stolen in a ransomware attack against her former employer, the St. Landry Parish School Board, according to records obtained by The Acadiana Advocate and The 74, a nonprofit news organization that reports on America’s schools.
-
Cybernews ☛ KidSecurity’s user data compromised after app failed to set password
KidSecurity, a popular parental control app that’s used to track children, has exposed its activity logs, leaving users' private data in the hands of threat actors.
With more than a million downloads on Google Play, KidSecurity provides parents with services to track their children's location, listen to the sounds around the child to ensure safety, and set gaming limits.
On September 16th, researchers discovered that the app failed to configure authentication for Elasticsearch and Logstash collections.
-
Windows TCO
-
IT Wire ☛ DP World says personal info of employees stolen during attack
In a statement issued on Tuesday, a DP World Australia spokesperson said: "...DP World Australia can confirm that some of its files were accessed by the unauthorised third party and a small amount of data was exfiltrated from the DP World Australia network.
"While the investigation has shown that customer data was not affected, some of the impacted data includes the personal information of current and previous employees of DP World Australia.
"DP World Australia is in the process of notifying impacted individuals. It has established a cyber response team to support impacted individuals and is providing various support services through its Employee Assistance Programs and organisations like IDCARE and Equifax."
-
Security Week ☛ Ardent Hospitals Diverting Patients Following Ransomware Attack [Ed: Windows kills]
Ransomware attack forces Ardent hospitals to shut down systems, impacting clinical and financial operations.
-
Reuters ☛ Ransomware group ‘Black Basta’ has raked in more than $100 million -researchers
A cyber extortion gang suspected of being an offshoot of the notorious Russian Conti group of hackers has raked in more than $100 million since it emerged last year, researchers said in a report published on Wednesday.
Digital currency tracking service Elliptic and Corvus Insurance said in a joint report the ransom-seeking cybercrime group known as “Black Basta” has extorted at least $107 million in bitcoin, with much of the laundered ransom payments making their way to the sanctioned Russian cryptocurrency exchange Garantex.
-
Data Breaches ☛ Hacker breaks silence following a decade behind bars in Cybernews documentary
DataBreaches first reported on Jesse William McGraw of Arlington, Texas, a/k/a “GhostExodus,” when he was arrested by the FBI in June 2009 and then indicted in July 2009 on federal felony charges related to hacking into Carrell Clinic in Dallas, Texas. McGraw, who worked as a contract security guard at North Central Medical Plaza, had actually posted video of himself on YouTube committing crimes, including what he called his “botnet infiltration.”
-
Data Breaches ☛ Attorney General James Warns New Yorkers Impacted by Medical Company’s Data Breach of Potential Identity Theft
New York Attorney General Letitia James today warned New Yorkers impacted by a data breach at a medical transcription company, Perry Johnson & Associates, to take action to prevent potential identity theft. The company experienced a data breach affecting nearly nine million patients, including approximately four million New Yorkers in New York City and Syracuse. Northwell Health and Crouse Health have been affected by this data breach, and most individuals whose data was impacted have been notified. Attorney General James advises affected New Yorkers to protect themselves and their information from theft and impersonation.
-
Reuters ☛ Japan space agency hit with cyberattack, rocket and satellite info not accessed
Japan’s space agency was hit with a cyberattack but the information the hackers accessed did not include anything important for rocket and satellite operations, a spokesperson said on Wednesday.
“There was a possibility of unauthorised access by exploiting the vulnerability of network equipment,” the spokesperson at Japan Aerospace Exploration Agency (JAXA) said, declining to elaborate on details such as when the attack took place.
[…]
Japanese media reported Wednesday that the cyberattack occurred during the summer and the police became aware of the attack and notified JAXA this autumn.
-