Security Leftovers
-
LWN ☛ Security updates for Tuesday
Security updates have been issued by Debian (libreoffice and webkit2gtk), Fedora (java-1.8.0-openjdk and seamonkey), Oracle (apr, edk2, kernel, and squid:4), Red Hat (postgresql:12, tracker-miners, and webkit2gtk3), SUSE (curl, go1.20, go1.21, hplip, openvswitch, opera, squid, and xerces-c), and Ubuntu (binutils, ghostscript, libreoffice, linux, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15, linux-gcp, linux-gke, linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-kvm, linux-nvidia, linux-oracle, linux-oracle-5.15, linux-raspi, linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-hwe-5.4, linux-ibm,
-
The Record ☛ White House cyber director confirmed in Senate
The Senate on Tuesday confirmed Harry Coker to be the country’s next cybersecurity czar, installing the former NSA official as President Joe Biden’s top cyber adviser at a time when the administration is working to revamp the nation’s digital posture.
As the new head of the Office of the National Cyber Director, Coker will coordinate federal agencies’ patchwork efforts on cybersecurity issues and oversee the execution of the National Cybersecurity Strategy and the National Cyber Workforce and Education Strategy.
The Senate confirmed Coker on a 59-40 vote weeks after the Homeland Security Committee unanimously approved his nomination. He previously served as NSA executive director and spent 17 years at the Central Intelligence Agency.
-
Attorney General James Secures $400,000 from Dental Insurance Provider for Failing to Protect Patient Data
New York Attorney General Letitia James today secured $400,000 from one of New York’s largest dental insurance providers, Healthplex, Inc. (Healthplex), for failing to properly protect the personal and medical information of New Yorkers. Healthplex, a Long Island-based company, had inadequate data security practices that made it susceptible to a data breach attack that compromised the personal and private information of 89,955 individuals, of which 63,922 were New York residents. As a result of this agreement, Healthplex has agreed to strengthen its data security practices.
“Visiting a dentist’s office can be a stressful experience without having the added concern that personal and medical data could be stolen by bad actors,” said Attorney General James. “Insurers, like all companies charged with holding on to sensitive information, have an obligation to ensure that data is safeguarded and doesn’t fall into the wrong hands. New Yorkers can rest assured that when my office is made aware of data breaches, we will drill down and get to the root of the problem.”
In late November 2021, an unknown individual sent a phishing email to a Healthplex employee, requesting the employee to enter their login credentials. On November 24, 2021, the hacker gained access to the employee’s account which contained over 12 years of emails. Some of the exposed emails contained sensitive customer enrollment information, including names, member identification numbers, insurance group names and numbers, addresses, dates of birth, credit card numbers, banking information, Social Security numbers, and member portal usernames and passwords. The Office of the Attorney General’s investigation concluded that, by failing to implement multifactor authentication for remote email access, Healthplex failed to adopt reasonable data security practices to protect patients’ personal and health information.
-
Data Breaches ☛ Russian banker of Hive ransomware network arrested in Paris [Ed: Windows TCO]
A Russian suspected of having recovered, in cryptocurrencies, the money taken from French victims of the powerful Hive ransomware, which was dismantled in January, was arrested last week, AFP learned on Tuesday, December 12, from the judicial police. The suspect, “aged around forty and who resided in Cyprus”, was arrested on December 5 while he was in Paris, said Christophe Durand, head of the cyber-investigations unit of the brand new Anti-Cybercrime Office (Ofac).
More than 570,000 euros in cryptocurrencies, corresponding to “his working capital”, were seized during the search of his Cypriot home, carried out while he was in police custody thanks to the “reactivity” of international cooperation via Europol and Eurojust, which Christophe Durand welcomed. Hive, one of the world’s leading ransomware attack networks, is accused of targeting 1,500 entities in 80 countries and collecting more than $100 million in ransoms.
-
Reuters ☛ How cybercriminals are using Wyoming shell companies for global hacks
Somali reporter Abdalle Ahmed Mumin was doubly distressed when he heard that a colleague had been abducted by masked gunmen at the University of Mogadishu on the morning of Aug. 17.
A fellow journalist was missing and Mumin – the chairman of the Somali Journalists Syndicate – had little way of getting the word out. Digital sabotage had knocked his syndicate’s website and email accounts offline a few days earlier.
“I can still feel the frustration,” Mumin told Reuters. “Our link to the outside world, to the international media, is our website.”
It was only after getting help from Qurium, a Swedish nonprofit that does digital defense work for news organizations and nonprofits, that Mumin was able to get his site back on its feet and properly raise the alarm about the missing reporter.
When Qurium investigated, it eventually traced a source of the outage to a surprising place: Wyoming.
-
Government Technology ☛ Ransomware Group Publishes Stolen Medical Data
Though Tri-City Medical Center got its operations back up and running 17 days ago, ransomware extortion efforts appear to be ongoing against the Oceanside hospital.
Earlier this week, a cybersecurity expert noted in a message on X, formerly called Twitter, that “INC RANSOM,” a well-known group of cyber extortionists, announced its possession of records stolen from the health care provider on the dark web, an anonymous corner of the Internet where such information is often bought and sold.
The post includes “proof” in the form of eight printed pages presumably taken from Tri-City during the digital attack that severely impacted the public hospital district’s operations starting on Nov. 9. On Nov. 27, the organization reported that it had once again started accepting all ambulance traffic and was conducting elective surgeries postponed during the attack.
-
Data Breaches ☛ Disgruntled Cloud Engineer Sentenced to Two Years in Prison for Intentionally Damaging His Former Employer’s Computer Network After He Was Fired
According to a superseding indictment returned by a federal grand jury in December 2022, Brody worked as a cloud engineer for a bank headquartered in San Francisco until March 11, 2020, when he was fired for violating company policy.