Security Leftovers
-
LWN ☛ OpenSSH announces DSA-removal timeline
For those of you still using DSA keys with SSH: the project has announced its plans to remove support for that algorithm around the beginning of 2025.
-
LWN ☛ Security updates for Thursday
Security updates have been issued by Debian (chromium), Fedora (chromium, python-paramiko, tigervnc, and xorg-x11-server), Oracle (ipa, libxml2, python-urllib3, python3, and squid), Red Hat (.NET 6.0, .NET 7.0, .NET 8.0, container-tools:4.0, fence-agents, frr, gnutls, idm:DL1, ipa, kernel, kernel-rt, libarchive, libxml2, nss, openssl, pixman, python-urllib3, python3, tigervnc, tomcat, and virt:rhel and virt-devel:rhel modules), SUSE (gstreamer-plugins-bad), and Ubuntu (firefox, Go, linux-aws, linux-gcp-5.15, linux-intel-iotg-5.15, linux-iot, linux-oem-6.1, and twisted).
-
RiskyBiz ☛ Ransomware wrecks Paraguay’s largest telco
A ransomware attack has wreaked havoc inside the network of Tigo, the largest mobile operator and internet service provider in Paraguay.
-
Bleeping Computer ☛ Finland warns of Akira ransomware wiping NAS and tape backup devices
The agency says that the threat actor’s attacks accounted for six out of the seven cases of ransomware incidents reported last month.
[...]
The observed post-compromise activity includes mapping the network, targeting backups and critical servers, stealing usernames and passwords from Windows servers, encrypting important files, and encrypting disks of virtual machines on virtualization servers, particularly those using VMware products.
-
Wired ☛ US School Shooter Emergency Plans Exposed in Raptor Technologies Data Leak
Thousands of emergency planning documents from US schools—including their safety procedures for active shooter emergencies—were leaked in a trove of more than 4 million records that were inadvertently made public. Last month, security researcher Jeremiah Fowler discovered 800 gigabytes of files and logs linked to school software provider Raptor Technologies. The firm provides software that allows schools to track student attendance, monitor visitors, and manage emergency situations. Raptor says its software is used by more than 5,300 US school districts and 60,000 schools around the world.
-
Data Breaches ☛ US School Shooter Emergency Plans Exposed in Raptor Technologies Data Leak
Note: Independently and unaware of Fowler’s activities, DataBreaches had also been contacting Raptor Technologies about their leak after another researcher sent DataBreaches a tip on November 3.
Unfortunately, the tip had been sent to a rarely used account, so DataBreaches did not see it until December 3, but then DataBreaches immediately contacted a school district on December 3 through their secure urgent tip line and urged them to contact Raptor to get files locked down. DataBreaches provided the district with a link to an exposed PDF file of more than 100 pages containing personal information and portrait pictures of all their students.
That school district never even replied.
-
IT Pro ☛ UK CISOs are cowing to ransomware demands more than you think, here’s why they shouldn’t pay up
One-third of UK-based CISOs have confessed to paying ransomware groups millions of dollars in recent years in a bid to alleviate the impact of an attack, according to new research.
Analysis from security firm Trellix found four-in-ten UK CISOs have managed a ransomware attack in the last five years – and in every single case, their organization opted to pay.
Trellix found that one-third of CISOs paid between $5 million and $15 million for a ransom demand while 13% paid between $10 and $15 million.
The minimum ransom paid by all UK businesses across a five year period stood at around $250,000, the study found.
-
Erie VA Medical Center says it regrets veteran info disclosure
The Erie VA Medical Center says it regrets any preventable disclosure of sensitive veteran information and takes appropriate action to inform and protect impacted individuals as quickly as possible.
The statement, issued Monday, comes almost eight full weeks after a printing error was discovered about the potential disclosure of limited information that may have been sent to another Department of Veterans Affairs (VA) patient by mistake back in around mid-November 2023.
A total of 2,380 veterans in Pennsylvania, Ohio, New York, New Jersey, Delaware, West Virginia, Maryland, Virginia, Kentucky and Delaware had to be notified of the potential disclosure.
-
Reuters ☛ Hackers hit Moscow internet provider in response to Kyivstar cyber attack - source
Hackers linked to Ukraine’s main spy agency have breached computer systems at a Moscow-based internet provider in retaliation for a Russian cyber attack against Ukrainian telecom giant Kyivstar, a source with direct knowledge of the operation told Reuters on Tuesday.
The hacking group, dubbed “Blackjack”, has previously been linked to the Security Service of Ukraine (SBU). The hackers deleted 20 terabytes of data at M9 Telecom, a small Russian internet and TV provider, leaving some Moscow residents without internet, the source said.
-
Politico LLC ☛ Taiwan bombarded with cyberattacks ahead of election
Taiwan faces a deluge of cyberattacks days before a critical presidential election with experts blaming China for an unprecedented and increasingly sophisticated level of interference.
-
HIPAA ☛ Former Executive Sentenced to Probation for HIPAA Violation
Mark Kevin Robison, a former vice president of Commonwealth Health Corporation (now Med Center Health) in Kentucky was also ordered to pay $140,000 in restitution.
[...]
OPTA Kentucky was dissolved in 2014, and Delaware OPTA was incorporated the same year with Dobson listed as the sole owner. Delaware OPTA continued to develop the same software, and Robison hoped to share in the profits from the sale of the software when he left CHC. In 2014, Robison instructed the CHC IT department to share patient data with Dobson to test the software. The disclosures occurred between 2014 and 2015 without authorization from CHC or the patients concerned.