Security and FUD, Windows TCO
-
NKAbuse Malware Attacking Linux Desktops & Use Cron Job for Persistence [Ed: This is not a Linux issue, it's an old Apache software issue]
Threat actors target Linux systems due to their prevalence in server environments, and cron jobs offer a discreet means of maintaining unauthorized access over an extended period.
-
LWN ☛ Security updates for Monday
Security updates have been issued by Debian (freeimage, ghostscript, intel-microcode, spip, and xorg-server), Fedora (chromium, perl, perl-Devel-Cover, perl-PAR-Packer, polymake, PyDrive2, seamonkey, and vim), Gentoo (Leptonica), Mageia (audiofile, gimp, golang, and poppler), Oracle (buildah, containernetworking-plugins, gstreamer1-plugins-bad-free, kernel, kernel-container, libxml2, pixman, podman, postgresql, postgresql:15, runc, skopeo, tracker-miners, and webkit2gtk3), and SUSE (fish).
-
Data Breaches ☛ If at first you don’t succeed, screw it up again?
In mid-November, DataBreaches reported that AlphV threat actors had added MeridianLink to their leak site. When their victim wouldn’t pay them, AlphV (aka “BlackCat”) filed a complaint with the Securities & Exchange Commission alleging that MeridianLink failed to comply with the SEC’s new cybersecurity rule requiring notification within four days of discovering a material breach.
-
Data Breaches ☛ Troubling attacks on medical sector continue: cancer center’s data leaked, specialty infusion pharmacies locked?
This week, the group known as Hunters International claimed responsibility for an attack on the Fred Hutchinson Cancer Center in Washington. Yesterday, they dumped data from an attack that allegedly included the exfiltration of 533.1 GB of files. Inspection of the tranche suggests that the attack mainly involved internal documents. However, the fact that patients were contacted directly with what has been reported by at least one patient as accurate information from their records suggests that the attackers did get at least some patient data. The file tree that was leaked also indicates patient files were accessible.
-
Cyber Chaos in Ukraine: NoName Ransomware Strikes Prominent Targets
Ukraine has become the battleground for a cyber onslaught, with the NoName ransomware attack claiming responsibility for a series of attacks on various entities.
The NoName ransomware attack has specifically targeted prominent organizations in Ukraine, as revealed by the threat actor on their dark web portal. The list includes the National Securities and Stock Market Commission, Accordbank, Unex Bank, Energy Community, and VELTA.
[…]
The group first emerged in March 2022, orchestrating Distributed Denial of Service (DDoS) attacks on Ukrainian news and media websites, such as Zaxid and Fakty UA. Their motivations are rooted in silencing voices perceived as anti-Russian, reflecting the broader geopolitical tensions in the region.
Operating through Telegram channels, NoName057(16) utilizes GitHub to host its DDoS tool website and associated repositories.
-
The Times Of Israel ☛ Israel-linked group claims cyberattack that shuts down 70% of Iran’s gas stations
A hacking group that has previously been linked to Israel claimed on Monday to have paralyzed gas stations across Iran in a cyberattack.
The group known as “Gonjeshke Darande,” or “predatory sparrow,” said that it had disabled “a majority of the gas pumps throughout Iran.”
“This cyberattack comes in response to the aggression of the Islamic Republic and its proxies in the region,” the group said in statements in Persian and English.