Security and Windows TCO Stories
-
Krasue RAT Malware: A New Threat to Linux Systems [Ed: It impacts not Linux but Apache etc.]
Due to Group-IB’s analysis, the details of this remote access trojan have been clarified, providing critical signs of compromise and YARA rules. Scientists have discovered nine different C2 IP addresses hardcoded into Krasue, one of which uses port 554, which is frequently connected to RTSP connections. This odd choice in communication technique highlights the special qualities of Krasue RAT. Moreover, similarities to XorDdos, another Linux malware, point to a possible shared author/operator or piece of code.
-
LWN ☛ Security updates for Thursday
Security updates have been issued by Debian (firefox-esr), Fedora (kernel), Mageia (bluez), Oracle (fence-agents, gstreamer1-plugins-bad-free, opensc, openssl, postgresql:10, and postgresql:12), Red Hat (postgresql:15 and tigervnc), Slackware (proftpd), and SUSE (docker, rootlesskit, firefox, go1.20-openssl, go1.21-openssl, gstreamer-plugins-bad, libreoffice, libssh2_org, poppler, putty, rabbitmq-server, wireshark, xen, xorg-x11-server, and xwayland).
-
Albuquerque Journal ☛ Lovelace restores patient portal following cyberattack
The inaccessible patient portal caused difficulties for some people in rescheduling appointments, getting necessary prescriptions refilled — which they had to go do in person — and contacting Lovelace staff for help. The attack also led Lovelace to reroute emergency room patients to other hospitals for days.
-
Data Breaches ☛ Statement of the Donald W. Wyatt Detention Facility Regarding November 2023 Data Security Incident [Ed: "Data Security Incident" as euphemism for getting cracked, likely Windows based on their wording]
On November 2, 2023, we discovered that a virus had impacted the Facility’s computer systems. We quickly took steps to minimize its impact, took other necessary actions to protect the Facility’s systems, and have been investigating the matter. We have been working with a forensic security consultant to identify the nature and scope of the incident and the data taken from the Facility’s system. The FBI is also investigating this incident.
-
SCMP ☛ Online platform Carousell violated Hong Kong privacy laws, watchdog finds, after data of over 320,000 locals leaked
Popular online marketplace Carousell violated Hong Kong’s privacy laws, a watchdog said on Thursday, following the discovery of the personal data of more than 320,000 local users available for sale on the dark web.
The Office of the Privacy Commissioner for Personal Data announced the findings from its investigation into the leak, which the platform reported in October last year, calling the incident “serious” given its scale.
“With regards to the information leaked, it involves email addresses, phone numbers, birthdays, birth months and years,” privacy commissioner Ada Chung Lai-ling said.
-
India Times ☛ Patient records lost, equipment damaged at several urban primary health centers by cyclone
Patient records, medical instruments, drugs, syringes, needles and sanitary pads in several urban primary health centres (UPHC) were swept away during the recent cyclone. Officials at the Greater Chennai Corporation are working with manufacturers and dealers to repair or replace equipment but say they may not be able to do anything about lost medical records, including vaccination schedules for pregnant women and newborns.
-
The Record ☛ Google discovers another Chrome zero-day exploited in the wild [Ed: When your 'browser' is more like a hypervisor, not a Web browser]
Google Chrome has released an emergency security fix for a zero-day flaw that has been exploited in the wild.
This vulnerability, tracked as CVE-2023-7024, affects the desktop versions of the browser on Mac, Linux and Windows.
It is the eighth actively exploited zero-day in Chrome discovered since the start of 2023. Clément Lecigne and Vlad Stolyarov of Google’s Threat Analysis Group first reported it on December 19.
-
COC alerts employees to third-party data breach [Ed: Ransomware implies Windows is extremely likely to be the culprit]
“The review determined that the data involved contained some of your personal information, including your name, and one or more of the following: Social Security number, driver’s license number, passport number, general health information, health insurance information, and other employment-related information,” the letter reads.