Security and Windows TCO Leftovers
-
LWN ☛ Security updates for Tuesday
Security updates have been issued by Gentoo (KTextEditor, libspf2, libuv, and Nettle), Mageia (hplip), Oracle (container-tools:4.0, gnutls, idm:DL1, squid, squid34, and virt:ol, virt-devel:rhel), Red Hat (.NET 6.0, krb5, python3, rsync, and sqlite), SUSE (chromium, perl-Spreadsheet-ParseXLSX, postgresql, postgresql15, postgresql16, and rubygem-actionpack-5_1), and Ubuntu (binutils, libspf2, libssh2, mysql-5.7, w3m, webkit2gtk, and xerces-c).
-
OpenSSF (Linux Foundation) ☛ OpenSSF Newsletter: January 2024
-
Silicon Angle ☛ Group-IB uncovers 16,000 malicious domains used in Inferno Drainer crypto scam
A new report today from cybersecurity services company Group-IB Global Pvt. Ltd. details the uncovering of more than 16,000 malicious domains created during the Inferno Drainer crypto scam last year.
-
Bleeping Computer ☛ CISA: Critical Abusive Monopolist Microsoft SharePoint bug now actively exploited
CISA warns that attackers are now exploiting a critical Abusive Monopolist Microsoft SharePoint privilege escalation vulnerability that can be chained with another critical bug for remote code execution.
-
Security Week ☛ Cloud Server Abuse Leads to Huge Spike in Botnet Scanning
Netscout sees over one million IPs conducting reconnaissance scanning on the web due to increase in use of cheap or free cloud servers.
-
Security Week ☛ Government, Military Targeted as Widespread Exploitation of Ivanti Zero-Days Begins
The vulnerabilities are an authentication bypass flaw tracked as CVE-2023-46805 and a command injection issue tracked as CVE-2024-21887. Chaining the two enables a remote, unauthenticated attacker to execute arbitrary commands on the targeted appliance.
-
Red Hat Official ☛ Patch management needs a revolution, part 2: The flood of vulnerabilities
When I started working in the security field over 20 years ago, CVE (Common Vulnerabilities and Exposures) had just been created. In 1999, MITRE, a US-based Federally Funded Research and Development Corporation (FFRDC) was established to advance national security, creating the CVE program as a way of cataloging vulnerabilities so that any single vulnerability could be distinguished from another. It was a few years before it gained wider adoption and longer yet to be considered more or less mainstream (although the truth is, even today, not every vulnerability has an associated CVE, nor is every CVE an actual vulnerability!). It was certainly miles ahead of what we used to do; back then if there were two vulnerabilities in sendmail you had to refer to them by the vulnerable function or, if you were lucky, a Bugtraq ID (or BID) had been assigned.
-
GamingOnLinux ☛ Framework email customers for data breach from accounting partner getting phished
No one is safe from data breaches, and at times it won't even be the company you've directly interacted and purchased from but their partners, like what recently happened to Framework. Framework are the company that make the modular Framework laptop, which is really cool!
-
GamingOnLinux ☛ X.Org and Xwayland get new releases due to security issues [Ed: Xorg has some new patches. But those are typically a risk if 1) you have some graphical software. 2) that software was recently updated. 3) it was updated to take advantage of Xorg flaws. 4) distro repos did not detect the malice in (3). Most of the time it's theoretical threat, from untrusted software or site (webGL?).]
Here's another reminder that checking regularly for updates is always a good thing, because there are new releases available for both the X.Org X and Xwayland due to multiple reported security issues.
-
Critical Linux Security Updates for Debian 12 and Debian 11
In the dynamic realm of cybersecurity, staying ahead of potential threats is crucial for maintaining a secure computing environment. For Debian GNU/Linux users, keeping the system updated with the latest security patches is an essential step towards fortifying your digital fortress. These updates address several security vulnerabilities to enhance the overall system security.
In this article, we will delve into the recent Debian Linux security updates, focusing on Debian GNU/Linux 12 “Bookworm” and Debian GNU/Linux 11 “Bullseye” operating systems.
-
Bluewater Health getting new, more secure hospital info system
Bluewater Health, hardest hit by a cyberattack on five Southwestern Ontario hospitals last fall, had a relatively dated system for storing and sharing patient information at the time, Bluewater Health’s board chairperson says.
“It did make a difference,” said Margaret Dragan, about the hospital group’s 20-plus-year-old hospital information system that’s been eyed for an update since 2013.
Other hospitals in Chatham-Kent, Leamington and Windsor affected by the ransomware attack, detected Oct. 23, via shared supply and technology systems provider TransForm Shared Service Organization, already were using a newer Oracle Cerner hospital information system at the time, Dragan said.
-
Windows TCO
-
US News And World Report ☛ Top Official Says Kansas Courts Need at Least $2.6 Million to Recover From Cyberattack
Luckert's written statement said the courts needed the money not only to cover the costs of bringing multiple computer systems back online but to pay vendors, improve cybersecurity and hire three additional cybersecurity officials. She also said the price tag could rise.
“This amount does not include several things: recovery costs we will incur but cannot yet estimate; notification costs that will be expended to notify individuals if their personal identifiable information has been compromised; and any services, like credit-monitoring, that the branch may decide to provide for the victims,” Luckert's statement said.
-
Information Security Media Group, Corporation ☛ Exclusive: Cloud Vendor Returns Stolen Hospital Data
A cloud services firm has turned over to a New York hospital alliance the patient data stolen in an August ransomware attack by the notorious LockBit gang. The hospital group - North Star Health Alliance - had filed a lawsuit against LockBit in November as a legal maneuver to force the storage firm to return the patient data the cybercriminals had exfiltrated from the hospitals and stashed on the Massachusetts vendor's servers.
Wasabi Technologies recently turned over to North Star Health Alliance data that LockBit stole and stored on the Boston-based company's servers, said David Hoffman, general counsel of Claxton-Hepburn Medical Center, one of the three North Star Health Alliance members that was affected by the August attack (see: Hospitals Sue LockBit, Ask Cloud Firm to Return Stolen Data).
Hoffman, in an exclusive interview with Information Security Media Group on Monday, said North Star Health Alliance had sought the return of the patient data from Wasabi to help the healthcare group to assess the information compromised in the incident and to notify affected individuals.
-
Data Breaches ☛ Cloud Vendor Returns North Star Health Alliance Data Stolen and Stored by LockBit
Read more at BankInfoSecurity. Wasabi Technologies was cooperative and had already reportedly turned over copies of the data voluntarily to the FBI prior to the filing of the lawsuit to obtain a subpoena for a copy of the data.