Security Leftovers
-
OpenSSF (Linux Foundation) ☛ Introducing SBOMit: Adding Verification to SBOMs
We’re happy to announce the launch of SBOMit – a tool to add in-toto attestations to SBOMs (Software Bills of Material). The SBOMit specification is a SBOM-format independent method for attesting components with additional verification information.
-
Silicon Angle ☛ New cyberthreat actor GambleForce targets websites in eight countries
Cybersecurity services company Group-IB Global Pvt. Ltd. today published details of a previously unknown threat group that has been active in targeting gambling, government, retail and travel websites in Australia, China, India, Indonesia, Philippines, South Korea, Thailand and Brazil. Dubbed “GambleForce,” the threat group uses a set of basic yet very effective techniques, including SQL injections [...]
-
Security Week ☛ Dell Urges Customers to Patch Vulnerabilities in PowerProtect Products
Dell is informing PowerProtect DD product customers about 8 vulnerabilities, including many rated ‘high severity’, and urging them to install patches.
-
SANS ☛ T-shooting Terraform for DShield Honeypot in Microsoft trap Azure, (Wed, Dec 13th) [Ed: Azure is a giant back door for surveillance on tenants]
-
LWN ☛ Security updates for Thursday
Security updates have been issued by Debian (chromium and rabbitmq-server), Fedora (chromium, kernel, perl-CryptX, and python-jupyter-server), Mageia (curl), Oracle (curl and postgresql), Red Hat (gstreamer1-plugins-bad-free, linux-firmware, postgresql, postgresql:10, and postgresql:15), Slackware (xorg), SUSE (catatonit, containerd, runc, container-suseconnect, gimp, kernel, openvswitch, poppler, python-cryptography, python-Twisted, python3-cryptography, qemu, squid, tiff, webkit2gtk3, xorg-x11-server, and xwayland), and Ubuntu (xorg-server and xorg-server, xwayland).
-
The Conversation ☛ Why federal efforts to protect schools from cybersecurity threats fall short
In August 2023, the White House announced a plan to bolster cybersecurity in K-12 schools – and with good reason. Between 2018 and mid-September 2023, there were 386 recorded cyberattacks in the U.S. education sector, which cost those schools $35.1 billion. K-12 schools were the primary target.
The new White House initiative includes a collaboration with federal agencies that have cybersecurity expertise, such as the Cybersecurity and Infrastructure Security Agency, the Federal Communications Commission and the FBI. Technology firms like Amazon, Google, Cloudflare, PowerSchool and D2L have pledged to support the initiative with training and resources.
-
Data Breaches ☛ Neurology Center of Nevada allegedly attacked by Qlin
In addition to screenshots, Qlin claimed to be leaking a 198.20 GB file with the center’s data. But as we experienced in investigating their listing for Cardiovascular Consultants, the alleged tranche does not download and Qlin does not seem to respond to requests to address their download failures.
[...]
DataBreaches has sent an inquiry to NCN about the currently alleged attack. No reply has been received by publication.
-
WCVB ☛ Former employee of Massachusetts high school pleads guilty in cyberattack
A former information technology manager at a Massachusetts high school pleaded guilty Wednesday to targeting the school’s network during a cyberattack earlier this year.
Conor LaHiff, 30, of Ayer, pleaded guilty in Boston’s federal court to one count of unauthorized damage to protected computers, according to the U.S. Attorney’s Office. That charge was brought against him on Nov. 29.
LaHiff was formerly employed as a desktop and network manager at a public high school in Essex County until he was fired in June. Prosecutors said that after being fired, LaHiff used his administrative access to deactivate and delete thousands of Apple IDs from the school’s Apple School Manager account — software used to manage student, faculty and staff information technology resources.
-
Hospital systems slowly coming back online after October cyberattack [Ed: Windows TCO]
The five regional hospitals affected by a ransomware cyberattack are confirming that charting systems started coming back online last week and have continued this week.
“As we continue to bring systems online, we are closely monitoring system integrity during network restoration at each institution,” hospital officials said in a statement on Thursday morning. “This is on pace with our previously shared goal to have core clinical systems online by December 15.”
-
Eesti Rahvusringhääling ☛ Ee: 10,000 people’s data stolen in genetic testing company Asper Biogene leak
Personal and health data belonging to approximately 10,000 people has been illegally downloaded from the Tartu-based genetic testing company Asper Biogene’s database, the State Prosecutor’s Office said on Thursday. Those affected are in the process of being notified.
A criminal investigation has been launched by the Southern Prefectural Criminal Bureau which is in the process of collecting evidence. The Data Protection Inspectorate (Andmekaitse Inspektsioon) has also initiated a supervisory procedure against the data processor.
Asper Biogene, which specializes in the diagnostics of hereditary diseases, alerted the Police, the State Information System Agency (Riigi Infosüsteemi Amet), and the Data Protection Inspectorate on November 11.
-
Mandiant ☛ Opening a Can of Whoop Ads: Detecting and Disrupting a Malvertising Campaign Distributing Backdoors [Ed: Windows TCO]
The temporary folder path that’s created is dependent on the archiving utility, such as WinRAR, that’s used to unpack the archive file.
-
Information Security Media Group, Corporation ☛ FCC Approves Major Updates to Data Breach Notification Rules
The U.S. Federal Communications Commission voted Wednesday along party lines to update 16-year-old privacy protection rules and expand breach notification requirements as part of an effort to provide law enforcement and the public with real-time information about harmful data breaches.
The new rule expands the scope of the FCC’s breach notification requirements to cover all personal identifiable information that carriers and telecommunications relay service providers maintain on their customers. Those organizations will be tasked with providing individual, per-breach notifications “no later than seven business days after reasonable determination of a breach” affecting 500 or more customers, according to the guidelines.
-
Prolonged internet outage forces Henry County Schools to return to basics
Under normal circumstances, Henry County teacher Samantha Hawthrone’s third graders would pull out their Chromebooks when building pie charts and histograms.
But last week, Hawthrone’s Austin Road Elementary School class was constructing bar graphs the old-fashioned way — on paper printed out for each student.
Instead of building the charts using a computer program, the students were pitching colorful dice onto their desks and recording how many sixes, fives and twos they rolled on a paper graph of purple, green and orange.
[…]
A month after reporting that it would restrict internet access because of “suspicious activity” on its internal network, the south metro Atlanta school system — the eighth largest in the state at around 43,000 students — is still largely operating without the web.
-
BBC ☛ Corringham school apologizes after sharing personal pupil data
A school has apologised for sending an email to parents which listed the personal data of 69 pupils who were being disciplined for bad behaviour.
The principal at Ortu Gable Hall School in Corringham, Essex, said the email was sent by mistake and parents were asked to delete it.
The message included an attachment which contained information about free school meal eligibility and pupils’ special educational needs (SEN) status.
-
Data Breaches ☛ New leak site reveals yet two more U.S. medical sector victims
On its leak site, DragonForce claims it exfiltrated 55.78 GB of data. They also provide a link to what they call “publicated files,” but the connection to what is supposed to be a data tranche has timed out on multiple attempts to connect to it. DataBreaches has sent an inquiry/request to DragonForce to attempt to get the data tranche to examine it.