Security Leftover and More Windows TCO Stories
-
LWN ☛ Security updates for Friday
Security updates have been issued by Debian (bluez and haproxy), Fedora (curl, dotnet6.0, dotnet7.0, tigervnc, and xorg-x11-server), Red Hat (avahi and gstreamer1-plugins-bad-free), Slackware (bluez), SUSE (cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, cont, cosign, curl, gstreamer-plugins-bad, haproxy, ImageMagick, kernel, kernel-firmware, libreoffice, tiff, traceroute, tracker-miners, webkit2gtk3, and xrdp), and Ubuntu (audiofile, budgie-extras, libreoffice, strongswan, vim, and yajl).
-
The Register UK ☛ Ledger JS library poisoned to steal $650K+ from wallets • The Register [Ed: Upstream issue; many lessons to be learned from this]
Cryptocurrency wallet maker Ledger says someone slipped malicious code into one of its JavaScript libraries to steal more than half a million dollars from victims.
The library in question is Connect Kit, which allows DApps – decentralized software applications – to connect to and use people's Ledger hardware wallets.
Pascal Gauthier, CEO of Ledger, in a public post said a former employee had been duped by a phishing attack, which allowed an unauthorized party to upload a malicious file to the company's NPM registry account.
"The attacker published a malicious version of the Ledger Connect Kit (affecting versions 1.1.5, 1.1.6, and 1.1.7)," said Gauthier. "The malicious code used a rogue WalletConnect project to reroute funds to a hacker wallet."
-
Hacker News ☛ 116 Malware Packages Found on PyPI Repository Infecting Windows and Linux Systems [Ed: Same as above]
Cybersecurity researchers have identified a set of 116 malicious packages on the Python Package Index (PyPI) repository that are designed to infect Windows and Linux systems with a custom backdoor.
"In some cases, the final payload is a variant of the infamous W4SP Stealer, or a simple clipboard monitor to steal cryptocurrency, or both," ESET researchers Marc-Etienne M.Léveillé and Rene Holt said in a report published earlier this week.
-
Data Breaches ☛ Update: Fred Hutch Cancer Center attack claimed by Hunters International
On December 8, DataBreaches reported that Fred Hutchinson Cancer Center had been the victim of a ransomware attack and that the then-unnamed threat actors were trying to extort patients directly.
Today we learned that the threat actors are Hunters International, who listed the incident on their leak site. As of publication, they have not leaked data, but threaten to leak 533.1 GB of information consisting of 711,627 files. They thumbnail 16 screenshots that will also allegedly be available soon but are not easily readable at this time.
-
China issues draft contingency plan for data security incidents
China on Friday proposed a four-tier classification to help it respond to data security incidents, highlighting Beijing’s concern with large-scale data leaks and hacking within its borders.
The contingency plan comes amid heightened geopolitical tensions with the United States and its allies and follows an incident last year when a hacker claimed to have procured a trove of personal information on one billion Chinese from the Shanghai police.
China’s Ministry of Industry and Information Technology (MIIT) published a detailed draft plan laying out how local governments and companies should assess and respond to incidents.
-
Windows TCO
-
Employee files compromised after ransomware attack on Campbell County School District
The Campbell County School District announced Thursday that it was recently the target of a ransomware incident that allowed an unauthorized person to gain access to employee files.
The school district did not specify when the incident occurred. The district said the incident impacted the availability and functionality of its computer network.
Through an investigation, the school district determined that the unauthorized actor gained access to files from its network. The files contained confidential information of some school employees, including Social Security numbers and financial account numbers.
-
Newfound school district still working to recover data after cyber attack
Newfound Area School District is recovering from a Nov. 15 cyber breach, described as a ransomware attack because it locked users out, although the unknown hacker did not make a financial demand.
Jason Sgro, a senior partner at the Atom Group, the cyber response company based in Portsmouth working to restore the computer network, told members of the school board that most functions, including printing, should be restored by Dec. 15. He said the timeline for restoring financial data at the central office “is definitely still in question. That will be a massive effort.”
[…]
The ransomware entered the system through a laptop and infected the computers at five schools and the central office.
-
Bleeping Computer ☛ Delta Dental says data breach exposed info of 7 million people
Delta Dental of California is warning almost seven million patients that they suffered a data breach after personal data was exposed in a MOVEit Transfer software breach.
Delta Dental is a dental insurance provider that covers 85 million people across 50 states, but this data breach notice concerns the California division of the company.
According to a Delta Dental data breach notification, the company suffered unauthorized access by threat actors through the MOVEit file transfer software application.
-