Security and Windows TCO
-
Several Cobbler Vulnerabilities Fixed in Ubuntu 16.04 [Ed: This is nearly 8 years old.]
A series of Cobbler vulnerabilities have been addressed in Ubuntu 16.04 ESM in the recent security updates. Ubuntu 16.04 ESM (Expanded Security Maintenance) is the extended version of end-of-life Ubuntu 16.04 LTS with extra security patching beyond the end dates. ESM versions are available through Ubuntu Pro subscription, which is relatively expensive for security patching.
-
LWN ☛ Security updates for Thursday
Security updates have been issued by Fedora (chromium, gnutls, gst-devtools, gstreamer1, gstreamer1-doc, libcap, mingw-poppler, python-gstreamer1, qbittorrent, webkitgtk, and xen), Mageia (docker, kernel-linus, and python-django), Oracle (dotnet6.0, dotnet7.0, dotnet8.0, firefox, samba, squid, and thunderbird), Red Hat (firefox, postgresql:13, squid, and thunderbird), SUSE (cilium, freerdp, java-1_8_0-ibm, and java-1_8_0-openj9), and Ubuntu (ec2-hibinit-agent, freerdp2, gimp, gst-plugins-bad1.0, openjdk-17, openjdk-21, openjdk-lts, openjdk-8, pypy3, pysha3, and u-boot-nezha).
-
Data Breaches ☛ Proliance Surgeons notifying 437,392 patients after ransomware attack earlier this year [Ed: Windows TCO]
On November 17, Proliance Surgeons notified HHS that 437,392 patients were affected by a breach. An undated notice on their website explains that it was a ransomware attack in which files and systems were encrypted and some data was exfiltrated.
-
After $50 Million Breach, KyberSwap Faces Hacker’s Shocking Demands
The individual claiming responsibility for the hack on KyberSwap, a multi-chain decentralized exchange (DEX) aggregator, has issued a set of astonishing demands through a transaction on the Ethereum blockchain.
The hacker, self-identified as “Kyber Director,” is demanding complete executive control over Kyber, the company, and full authority over its governance mechanism, KyberDAO.
-
Hendersonville city employees target of cybersecurity breach
A Hendersonville cybersecurity incident has put city employees’ data at risk. The incident occurred just before the Thanksgiving break, according to a Nov. 29 statement from City Manager John Connet.
Connet said that a “threat actor group” targeted software used to manage city employee data.
Hendersonville is working with the North Carolina Joint Cybersecurity Task Force and other government agencies to investigate the incident. It is also working with a third-party contractor to assess what happened.
-
The Record ☛ Ukrainian gets 8-year sentence for running marketplace for Americans’ data
A Ukrainian citizen was sentenced to eight years in U.S. prison for administering a marketplace that sold the personal information of millions of Americans.
Vitalii Chychasov, 37, was arrested in March of last year while attempting to enter Hungary and was later extradited to the U.S.
Chychasov previously agreed to forfeit $5 million in proceeds from SSNDOB (for Social Security number and date of birth) — a series of websites that sold personal information, including names, dates of birth, and Social Security numbers belonging to individuals in the U.S.
-
Some city data was stolen during cyber breach; full scope remains unknown, Long Beach says
Long Beach officials said Wednesday that some city data was stolen during a cybersecurity breach it detected earlier this month, but, officials said, it could be weeks or months before a clear picture emerges of what exactly was taken.
The city said it does not currently know what type of data was taken or how much. It could potentially include sensitive information, considering city systems hold things like personal employee data, confidential information submitted by vendors, and payment information of residents and others who have used credit cards to pay for city services.
-
Data Breaches ☛ More than 1 million Michiganders affected by Welltok cyberattack
More than 1 million Michiganders were affected by a cybersecurity breach at Welltok Inc., a software company contracted to provide communication services for Corewell Health’s southeastern Michigan properties along with a healthy lifestyle portal for Priority Health, an insurance plan owned by Corewell.
For about 2,500 Priority Health members, names, addresses and health insurance identification numbers were compromised, the health plan said in a statement.
For about 1 million Corewell Health patients, the compromised data includes names, dates of birth, email addresses, phone numbers, medical diagnoses, health insurance information and Social Security numbers.
-
Line operator says 440,000 personal records leaked in data breach [Ed: Windows TCO]
The leakage was caused when malware infected a computer owned by an employee of a subcontractor used by the company’s South Korea-based affiliate, Naver Cloud Corp., it said.