Security Leftovers and Lots of Windows TCO (Microsoft-Related Breaches)
-
Comparative Study Results on Linux and Windows Ransomware Attacks, Exploring Notable Trends and Surge in Attacks on Linux Systems [Ed: According to 'study' from a Microsoft proxy]
-
LWN ☛ Security updates for Wednesday
Security updates have been issued by Fedora (chromium, clevis-pin-tpm2, firefox, keyring-ima-signer, libkrun, perl, perl-PAR-Packer, polymake, poppler, rust-bodhi-cli, rust-coreos-installer, rust-fedora-update-feedback, rust-gst-plugin-reqwest, rust-pore, rust-rpm-sequoia, rust-sequoia-octopus-librnp, rust-sequoia-policy-config, rust-sequoia-sq, rust-sequoia-wot, rust-sevctl, rust-snphost, and rust-tealdeer), Mageia (samba), Red Hat (postgresql:12), SUSE (haproxy and kernel-firmware), and Ubuntu (haproxy, linux, linux-aws, linux-aws-6.2, linux-azure, linux-azure-6.2, linux-azure-fde-6.2, linux-lowlatency, linux-oracle, linux-raspi, linux-starfive, linux, linux-aws, linux-kvm, linux-lts-xenial, linux-oem-6.1, and redis).
-
LWN ☛ SLAM: a new Spectre technique
Many processor vendors provide a mechanism to allow some bits of a pointer value to be used to store unrelated data; these include Intel's linear address masking (LAM), AMD's upper address ignore, and Arm's top-byte ignore. A set of researchers has now come up with a way (that they call "SLAM") to use those features to bypass many checks on pointer validity, opening up a new set of Spectre attacks.
-
Data Breaches ☛ Update: Cardiovascular Consultants Ltd. ransomware attack reportedly affected 500,000 patients, guarantors, and staff
On November 6, DataBreaches reported that Qilin threat actors claimed to have attacked Cardiovascular Consultants, Ltd. and dumped more than 205 GB of data. At the time, DataBreaches reported that CVC had not responded to inquiries, their privacy officer contact (at Fresenius) had not responded to inquiries, and the data dump on Qilin’s leak site did not download. As of today, it still does not download, but Fresenius Medical Care AG has now filed Form 6-K with the Securities and Exchange Commission (SEC)
-
BBC ☛ Data breach by Addenbrooke’s Hospital reveals patient information
A hospital trust has apologized after private information on more than 22,000 patients was released in two breaches.
The leaks – in 2020 and 2021 – concerned maternity and cancer patients at Addenbrooke’s Hospital, Cambridge.
Roland Sinker, chief executive of Cambridge University Hospitals NHS Foundation Trust said the breaches had “only recently come to light”.
[…]
“Both were the result of mistakenly including patient information in Excel spreadsheets in response to Freedom of Information Act (FOI) requests.”
-
TechCrunch ☛ Millions of patient scans and health records spilling online thanks to decades-old protocol bug
Thousands of exposed servers are spilling the medical records and personal health information of millions of patients due to security weaknesses in a decades-old industry standard designed for storing and sharing medical images, researchers have warned.
This standard, known as Digital Imaging and Communications in Medicine, or DICOM for short, is the internationally recognized format for medical imaging. DICOM is used as the file format for CT scans and X-ray images to ensure interoperability between different imaging systems and software. DICOM images are typically stored in a picture storage and sharing system, or PACS server, allowing medical practitioners to store patient images in a single file and share records with other medical practices.
But as discovered by Aplite, a Germany-based cybersecurity consultancy specializing in digital healthcare, security shortcomings in DICOM mean many medical facilities have unintentionally made the private data and medical histories of millions of patients accessible to the open internet.
-
Data Breaches ☛ Cybersecurity: Federal Agencies Made Progress, but Need to Fully Implement Incident Response Requirements (GAO Report)
Federal agencies have made progress in preparing for and responding to cyber threats. For instance, agencies have improved their ability to detect, analyze, and handle incidents like ransomware attacks and data breaches.
However, some agencies have not met the federal requirements for event logging—i.e., ensuring that cybersecurity incidents are tracked and that these tracking logs are appropriately retained and managed.
Information from federal IT logs is invaluable in the detection, investigation, and remediation of cyberthreats. We recommended that federal agencies fully implement requirements to log cybersecurity events, and more.
-
Hacker News ☛ Hackers Exploited ColdFusion Vulnerability to Breach Federal Agency Servers
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned of active exploitation of a high-severity Adobe ColdFusion vulnerability by unidentified threat actors to gain initial access to government servers.
“The vulnerability in ColdFusion (CVE-2023-26360) presents as an improper access control issue and exploitation of this CVE can result in arbitrary code execution,” CISA said, adding an unnamed federal agency was targeted between June and July 2023.
The shortcoming affects ColdFusion 2018 (Update 15 and earlier versions) and ColdFusion 2021 (Update 5 and earlier versions). It has been addressed in versions Update 16 and Update 6, released on March 14, 2023, respectively.
-
Data Breaches ☛ CBIZ KA Notice of Data Privacy Incident (Prime Healthcare)
DataBreaches contacted Prime Healthcare to inquire how many of their hospitals and locations were affected. Elizabeth Nikels, Prime Healthcare Vice President, Communications and Public Relations, responded that nine of the Prime hospitals were affected by their vendor’s breach.