Security Leftovers
-
Cyber Security News ☛ Apache ActiveMQ Vulnerability Exploited by Kinsing to Attack Linux Servers [Ed: The issue here is not "Linux", even if the media tries to make it sound so; attributing every bug in every program that can run on GNU/Linux to "Linux" is like saying any Windows program that has a flaw is Microsoft's fault]
Threat actors actively targeted the Apache ActiveMQ vulnerability to get unauthorized access to messaging systems, leading to potential data breaches and system compromise.
Meanwhile, the Apache ActiveMQ vulnerability, which was tracked as “CVE-2023-46604,” can be exploited to disrupt communication, cause service outages, and deploy ransomware (HelloKitty) as well.
-
LWN ☛ Security updates for Wednesday
Security updates have been issued by Debian (debian-security-support and xorg-server), Fedora (java-17-openjdk, libcmis, and libreoffice), Mageia (fish), Red Hat (buildah, containernetworking-plugins, curl, fence-agents, kernel, kpatch-patch, libxml2, pixman, podman, runc, skopeo, and tracker-miners), SUSE (kernel, SUSE Manager 4.3.10 Release Notes, and SUSE Manager Client Tools), and Ubuntu (gnome-control-center, linux-gcp, linux-kvm, linux-gkeop, linux-gkeop-5.15, linux-hwe-6.2, linux-lowlatency-hwe-6.2, linux-nvidia-6.2, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4, netatalk, and pydantic).
-
LWN ☛ OpenPGP for application developers
A new book called OpenPGP for application developers has been released under the Creative Commons BY-SA license.
-
LWN ☛ Supplementing CVEs with !CVEs
The Common Vulnerabilities and Exploits (CVE) system is the main mechanism for tracking various security flaws, using the omnipresent CVE number—even vulnerabilities with fancy names and web sites have CVE numbers. But the CVE system is not without its critics and, in truth, the incentives between the reporting side and those responsible for handling the bugs have always been misaligned, which leads to abuse of various kinds. There have been efforts to combat some of those abuses along the way; a newly announced "!CVE" project is meant to track vulnerabilities "that are not acknowledged by vendors but still are serious security issues".
-
Data Breaches ☛ Covenant Care patient and employee data being leaked by ransomware group
In November, Hunters International claimed that they had attacked Covenant Care. Since that time, they have been leaking what appears to be more and more patients’ protected health information (PHI) and employees’ personal information.
Covenant Care operates services providing skilled nursing, residential care, therapy services, and home health care at 29 locations in California and Nevada.
There is no notice on their website about any data security incident and nothing posted on HHS’s public breach tool. According to Hunters, they encrypted files, but there is nothing on Covenant Care’s site that indicates any disruption in services or care at all.
-
Data Breaches ☛ Petersen Health Care allegedly a victim of a cyberattack, but not much is known at this point
On November 21, the Cactus ransomware gang added Petersen Health Care to its leak site. The listing has been updated since then. As proof of claims, Cactus leaked several screenshots of identity documents like passports. They did not indicate whether these were employee documents or patient-related documents, although it would be more likely if they were employee-related. There were no files that were marked as patient or medical records, and Cactus did not state whether they encrypted files or systems.
-
PT ☛ MoD fined £350k over data breach that endangered lives of Afghan interpreters
The Ministry of Defence has been fined £350,000 over a data breach that divulged the identities of hundreds of Afghan nationals who worked for the UK government in Afghanistan.
According to data watchdog the Information Commissioner’s Office, the incident allowed 245 recipients of an email about the evacuation of eligible people to see who else the communication had been sent to and even gave thumbnail images of 55 recipients.
The email was sent by the team responsible for the UK’s Afghan Relocations and Assistance Policy on 20 September 2021, weeks after the UK and United States had left Kabul and the Taliban had regained control of Afghanistan. At the time the individuals involved were understood to be interpreters.
-
Severn Valley Medical Practice data breach leads to sacking
The data breach was confirmed by Severn Valley Medical Practice, which oversees the Henwick Halt Medical Centre in St John’s and the Lyppard Grange Medical Centre in Warndon.
A letter was sent by the practice informing its patients about the data breach, which relates to a discovery made on Thursday, October 26, when a member of the clinical team accessed data belonging to patients.
-
Becker's Hospital Review ☛ AHA opposes HHS’ plan for cybersecurity fines
The American Hospital Association said HHS’ plan to levy financial penalties in the event of a cyberattack on a healthcare organization would be counterproductive.
In a Dec. 6 statement, the AHA said it is advocating for the HHS to review its proposal that requires healthcare organizations to be compliant with new cybersecurity requirements and imposes financial penalties for noncompliance.
“The AHA cannot support proposals for mandatory cybersecurity requirements being levied on hospitals as if they were at fault for the success of hackers in perpetrating a crime,” AHA President and CEO Rick Pollack said in the statement. “Imposing fines or cutting Medicare payments would diminish hospital resources needed to combat cyber crime and would be counterproductive to our shared goal of preventing cyberattacks.”
On Dec. 6 the HHS released a concept paper that outlined a new cybersecurity strategy aimed at enhancing the security of the healthcare sector.
-
Ars Technica ☛ Ted Cruz wants to stop the FCC from updating data-breach notification rules
Sen. Ted Cruz (R-Texas) and other Republican senators are fighting a Federal Communications Commission plan to impose new data-breach notification requirements on telecom providers. In a letter sent to FCC Chairwoman Jessica Rosenworcel today, the senators claim the pending FCC action would violate a congressional order.
The letter was sent by Cruz, Sen. Minority Leader Mitch McConnell (R-Ky.), Sen. John Thune (R-S.D.), and Sen. Marsha Blackburn (R-Tenn.). They say the proposed data-breach notification rules are preempted by an action Congress took in 2017 to kill an assortment of privacy and security rules issued by the FCC.