Security Leftovers
-
Ubuntu Security Updates Addressed Node.js Vulnerabilities
The Ubuntu security team has recently addressed several vulnerabilities affecting Node.js packages in Ubuntu 22.04 LTS. These vulnerabilities were initially found in OpenSSL. Because Node.js uses OpenSSL, the Node.js packages in Ubuntu 22.04 LTS “Jammy Jellyfish” were affected. However, Ubuntu has noted in its CVE status that other Ubuntu versions are not vulnerable. Staying informed about potential vulnerabilities and promptly addressing them is crucial to ensure a secure and resilient environment.
-
3 Malicious PyPI Packages Hide CoinMiner on Linux Devices
In a recent cybersecurity revelation, the Python Package Index (PyPI) has fallen victim to the infiltration of three malicious packages: modularseven, driftme, and catme. These packages, although now removed, managed to amass a concerning 431 downloads within the past month, posing a significant threat to the security of Linux devices.
-
LWN ☛ Security updates for Thursday
Security updates have been issued by CentOS (ImageMagick), Debian (chromium), Fedora (golang-x-crypto, golang-x-mod, golang-x-net, golang-x-text, gtkwave, redis, and zbar), Mageia (tinyxml), Oracle (.NET 7.0, .NET 8.0, java-1.8.0-openjdk, java-11-openjdk, python3, and sqlite), Red Hat (gstreamer-plugins-bad-free, java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, and java-21-openjdk), SUSE (kernel, libqt5-qtbase, libssh, pam, rear23a, and rear27a), and Ubuntu (pam and zookeeper).
-
Tilbury District Family Health Team confirms patient data impacted by October ransomware attack
The fallout continues following last year’s ransomware attack that resulted in a massive data breach at five southwestern Ontario hospitals.
The Tilbury District Family Health Team (TDFHT) has confirmed that its patient health information was impacted by the cyberattack on October 23, 2023, which also resulted in varying amounts of patient and staff data being stolen from Bluewater Health, the Chatham-Kent Health Alliance (CKHA), Erie Shores HealthCare, Hôtel-Dieu Grace Healthcare, and Windsor Regional Hospital.
The attack targeted TransForm Shared Service Organization, which runs technology systems at all five hospitals and TDFHT.
In a letter to affected patients/clients, TDFHT said it determined that its electronic medical record was not compromised during the data breach. However, the health team said data that was stored on a shared drive was stolen.
-
Bleeping Computer ☛ CISA pushes federal agencies to patch Citrix RCE within a week
Today, CISA ordered U.S. federal agencies to secure their systems against three recently patched Citrix NetScaler and Google Chrome zero-days actively exploited in attacks, pushing for a Citrix RCE bug to be patched within a week.
The cybersecurity agency added the flaws to its Known Exploited Vulnerabilities Catalog today, saying that such vulnerabilities are “frequent attack vectors for malicious cyber actors” that pose “significant risks to the federal enterprise.”
Citrix urged customers on Tuesday to immediately patch Internet-exposed Netscaler ADC and Gateway appliances against the CVE-2023-6548 code injection vulnerability and the CVE-2023-6549 buffer overflow impacting the Netscaler management interface that could be exploited for remote code execution and denial-of-service attacks, respectively.
Those who can’t immediately install the security updates can block network traffic to affected instances and ensure they’re not accessible online as a temporary workaround.
-
TechCrunch ☛ As hacks worsen, SEC turns up the heat on CISOs
Now in its penultimate year, ShmooCon brings together hackers, researchers, government officials and cybersecurity executives to discuss some of the most pressing issues facing the security community. A common theme heard among attendees this year is the increasingly risky nature of working in the cybersecurity industry itself. The infosec community is no stranger to legal risks — perhaps an inherent byproduct of working in the field — but is becoming more aware of the mounting legal oversight and consequences that go with the work.
-
HMSA member data possibly compromised after data breach
Hawaii Medical Service Administration employee information may be compromised after their vendor partner fell victim to a cyber attack.
In early Sept. 2023, HMSA’s health management service vendor, Navvis, announced they experienced a data privacy event that compromised the personal and protected health information for former and current employees.
Navvis immediately launched an investigation to find the scope of the incident and sought involvement of authorities.
-
Canberra Times ☛ Patient data hacked at Canberra medical centre
Hackers have broken into the medical records at Crace Medical Centre.
An announcement to patients said: “unfortunately, our investigations have identified that patient data was accessed and taken from our systems by an unauthorised third party”.
The hack happened on December 12 but patients were only texted early afternoon on Thursday, January 18.
-
Yahoo News ☛ Cyberattack on Ukraine’s Kyivstar will cost parent Veon almost $100 million in sales
Veon, the parent company of Ukraine’s largest mobile operator Kyivstar, will take a hit of around 3.6 billion hryvnias ($95 million) in revenue in 2024 due to a massive cyberattack in December, the Dutch telecoms group estimated on Thursday. The estimated lost revenue is associated with measures Kyivstar has taken to compensate customers for inconveniences caused by the disruptions, Veon said. The cyberattack was the largest since Russia launched its war on Ukraine in February 2022, knocking out services including mobile phone service, damaging IT infrastructure in several regions, and putting people at risk of not receiving air raid alerts.
-
Data Breaches ☛ Inside the Massive Naz.API Credential Stuffing List
It feels like not a week goes by without someone sending me yet another credential stuffing list. It’s usually something to the effect of “hey, have you seen the Spotify breach”, to which I politely reply with a link to my old No, Spotify Wasn’t Hacked blog post (it’s just the output of a small set of credentials successfully tested against their service), and we all move on. Occasionally though, the corpus of data is of much greater significance, most notably the Collection #1 incident of early 2019. But even then, the rapid appearance of Collections #2 through #5 (and more) quickly became, as I phrased it in that blog post, “a race to the bottom” I did not want to take further part in.